[OpenID] What's broken in OpenID 2.0? (IIW session)
Martin Atkins
mart at degeneration.co.uk
Thu May 10 17:13:16 UTC 2007
ydnar wrote:
> Can the OP override the user’s input?
>
> User asserts: brad.livejournal.com
> LiveJournal overrides with: openid.livejournal.com/584593450349
>
> Which (for LiveJournal) would be guaranteed unique, never recycled.
>
This is essentially the XRI mechanism, but done over HTTP instead. We
did also talk before about trying to make XRI-style synonyms (which
would solve this and other similar problems) with HTTP URLs, but I think
the main trouble is figuring out a way that this can be done securely
without adding significant overhead.
More information about the general
mailing list