[OpenID] Supporting OpenID
Paul Madsen
paulmadsen at rogers.com
Fri Apr 11 20:49:39 UTC 2008
Hi Nate, the identifiers that Yahoo creates do not append randomness,
but rather replace the non-randomness, e.g. my nickname
Yahoo shows me 2 URIs I can use
https://me.yahoo.com/mudmanish
https://me.yahoo.com/a/f5cCqMMk3cHENnlFB.2yrouEXWAl7KEe7hp84I.jA--
I assume (hope) that, were I to use the second at some RP, Yahoo! would
subsequently give me a different one at another RP
paul
Nate Klingenstein wrote:
> Paul,
>
> I can appreciate the pseudonyms and the use of directed identity, but
> how does this enhance the privacy of users, if it's really just an
> appended string? Isn't it trivially more difficult to correlate by
> simply truncating the URL? Maybe I'm misinterpreting something, but
> if an RP turned rogue, I don't think that #abc123 would be much to
> overcome.
>
> Thanks,
> Nate.
>>
>
>> 1) the opaque characters you are seeing in the Yahoo OpenIDs support
>>
>> enhanced privacy (by inhibiting correlation), its a feature called
>>
>> 'directed identity'
>>
>>>
>>> Yahoo! (and Flickr) - we've got it working, it would have been a snap
>>>
>>> except that Yahoo! is appending an alpha numeric string to the end of
>>>
>>> the identity URL. We cannot find documentation detailing the purpose
>>>
>>> of that string.
>>>
>
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com
More information about the general
mailing list