XRI canonical id question
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Oct 10 16:16:20 UTC 2006
Drummond:
The current auth draft says in section 11.4:
If the Verified Identifier is an XRI, the discovered CanonicalID
field from the XRD SHOULD be used as a key for local storage of
information about the End User.
Is there ever a scenario where the identifier is disassociated from
the CanonicalID? I was wondering whether there is a potential
security hole?
[I simply don't know, so I'm asking you ;-) ]
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20061010/08faf68e/attachment-0002.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the specs
mailing list