XRI canonical id question

Johannes Ernst jernst+openid.net at netmesh.us
Tue Oct 10 16:16:20 UTC 2006


Drummond:

The current auth draft says in section 11.4:
     If the Verified Identifier is an XRI, the discovered CanonicalID  
field from the XRD SHOULD be used as a key for local storage of  
information about the End User.

Is there ever a scenario where the identifier is disassociated from  
the CanonicalID? I was wondering whether there is a potential  
security hole?

[I simply don't know, so I'm asking you ;-) ]




Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20061010/08faf68e/attachment-0002.gif>
-------------- next part --------------
  http://netmesh.info/jernst






More information about the specs mailing list