[OpenID] What's broken in OpenID 2.0? (IIW session)
ydnar
ydnar at shaderlab.com
Thu May 10 18:56:05 UTC 2007
How significant (read: incompatible) a change would this be to the spec?

URL recycling on services like LiveJournal or Vox is a pretty real
issue: Users can elect to change their URL at any time. Their old URL
could then be adopted by another user. Having the underlying mapping
be an opaque value (or a guaranteed never-recycled URL) instead of
the actual URL would address this.

Randy

On May 10, 2007, at 10:13 AM, Martin Atkins wrote:
> ydnar wrote:
>> Can the OP override the user’s input?
>>
>> User asserts: brad.livejournal.com
>> LiveJournal overrides with: openid.livejournal.com/584593450349
>>
>> Which (for LiveJournal) would be guaranteed unique, never recycled.
>>
>
> This is essentially the XRI mechanism, but done over HTTP instead. We
> did also talk before about trying to make XRI-style synonyms (which
> would solve this and other similar problems) with HTTP URLs, but I
> think the main trouble is figuring out a way that this can be done
> securely without adding significant overhead.
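
Added example, not part of the original thread: a small Python model of the recycling problem discussed above, comparing a relying party that keys accounts on the URL the user typed with one that keys on an opaque, never-reused identifier returned by the OP. The classes, the example.net URLs and the numeric ids are all constructed for illustration, and authentication at the OP is assumed rather than modelled.

```python
# Constructed model: every name, URL and id below is illustrative.
class Provider:
    """Toy OP: display URLs can be renamed and re-registered; opaque ids are never reused."""

    def __init__(self, opaque_base):
        self.opaque_base = opaque_base
        self._issued = 0
        self._holder = {}  # display URL -> opaque id of its current holder

    def register(self, url):
        if url in self._holder:
            raise ValueError(f"{url} is taken")
        self._issued += 1
        self._holder[url] = f"{self.opaque_base}/{self._issued}"

    def rename(self, old_url, new_url):
        if new_url in self._holder:
            raise ValueError(f"{new_url} is taken")
        self._holder[new_url] = self._holder.pop(old_url)  # old_url becomes free

    def assert_identity(self, user_input):
        # Authentication is assumed: the caller is the current holder of the URL.
        return user_input, self._holder[user_input]


class RelyingParty:
    def __init__(self, key_on_opaque):
        self.key_on_opaque = key_on_opaque
        self.accounts = {}  # identifier -> local account number

    def login(self, op, user_input):
        url, opaque = op.assert_identity(user_input)
        key = opaque if self.key_on_opaque else url
        return self.accounts.setdefault(key, len(self.accounts) + 1)


def recycle_scenario(key_on_opaque):
    """Return (new holder reaches old account, owner keeps account after rename)."""
    op, rp = Provider("openid.example.net"), RelyingParty(key_on_opaque)
    op.register("brad.example.net")
    original = rp.login(op, "brad.example.net")
    op.rename("brad.example.net", "bradley.example.net")  # owner changes URL
    op.register("brad.example.net")                        # someone else adopts it
    newcomer = rp.login(op, "brad.example.net")
    owner = rp.login(op, "bradley.example.net")
    return newcomer == original, owner == original


if __name__ == "__main__":
    print("keyed on typed URL:", recycle_scenario(False))
    print("keyed on opaque id:", recycle_scenario(True))
```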