Login Federation
SignpostMarv Martin
signpostmarv.martin at slopenid.net
Tue Feb 19 13:38:36 UTC 2008
>
> On 2/19/08, *Brett Carter* <brett at rdnzl.net <mailto:brett at rdnzl.net>>
> wrote:
>
> This is close to what I was thinking, however why not simply pass
> the user's open id url to the external site, through some yet
> undefined parameter. This way, there's little chance for cache
> poisoning. Passing the open id url, the consumer site can just
> proceed with authentication normally, using any cached data it has
> already. Also, I think IMG tags are a better idea than IFRAMES,
> in another post. They're more compatible, for one.
>
As people have mentioned (although without using reply to all :-P),
using the <img> tag would provide for an anti-phishing method by
allowing the user to specify the image that loads.
More information about the specs
mailing list