!!! OpenID

!! External sources

|[openid4java|http://code.sxip.com/openid4java/]|[openid4java API|http://code.sxip.com/openid4java/apidoc/]|[Interesting article on ServerSide.com|http://www.theserverside.com/tt/articles/content/OpenID/article.html]
|[A Recipe for OpenID-Enabling Your Site|http://www.plaxo.com/api/openid_recipe]|[Beginners Guide|http://www.notsorelevant.com/2007-09-02/a-beginners-guide-to-openid/]|[Attribute types|http://www.axschema.org/types/#sreg]
|[OpenID enabled sites|https://www.myopenid.com/directory] | [Public OpenID providers|http://wiki.openid.net//OpenIDServers]|-
|[The OpenID book|openid-book.pdf]|[OpenID demo build]|-


!! Questions I currently have.

* Who decides, and how, which OP to use for authentication, is it the OpenID-enabled website, or is the user logging in (I would guess the first one)
** answer: -
* If the website decides which OP to use, can you configure multiple OP's, and an order ?
** answer: Nope, the user's OpenID URL points to a webpage, this page contains the following HTML element:
{{{
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
}}}
This determines where the consumer should ask for authentication.
* Can the consumer control which OP's to allow and which ones not. (you could operate your own malicious OP , ne ?)