[OpenID] Supporting OpenID

Will Merydith will.merydith at gmail.com
Fri Apr 11 20:53:15 UTC 2008 

Paul, actually Yahoo! appends something like "#f8407" to the end of those
identity uris when negotiating authentication.  So the uri retrieved back
from Yahoo is not the same as the one sent.

On Fri, Apr 11, 2008 at 3:49 PM, Paul Madsen <paulmadsen at rogers.com> wrote:

> Hi Nate, the identifiers that Yahoo creates do not append randomness,
> but rather replace the non-randomness, e.g. my nickname
>
> Yahoo shows me 2 URIs I can use
>
> https://me.yahoo.com/mudmanish
> https://me.yahoo.com/a/f5cCqMMk3cHENnlFB.2yrouEXWAl7KEe7hp84I.jA--
>
> I assume (hope) that, were I to use the second at some RP, Yahoo! would
> subsequently give me a different one at another RP
>
> paul
>
> Nate Klingenstein wrote:
> > Paul,
> >
> > I can appreciate the pseudonyms and the use of directed identity, but
> > how does this enhance the privacy of users, if it's really just an
> > appended string?  Isn't it trivially more difficult to correlate by
> > simply truncating the URL?  Maybe I'm misinterpreting something, but
> > if an RP turned rogue, I don't think that #abc123 would be much to
> > overcome.
> >
> > Thanks,
> > Nate.
> >>
> >
> >> 1) the opaque characters you are seeing in the Yahoo OpenIDs support
> >>
> >> enhanced privacy (by inhibiting correlation), its a feature called
> >>
> >> 'directed identity'
> >>
> >>>
> >>> Yahoo! (and Flickr) - we've got it working,  it would have been a snap
> >>>
> >>> except that Yahoo! is appending an alpha numeric string to the end of
> >>>
> >>> the identity URL.  We cannot find documentation detailing the purpose
> >>>
> >>> of that string.
> >>>
> >
>
> --
> Paul Madsen            e:paulmadsen @ ntt-at.com
> NTT                    p:613-482-0432
>                       m:613-282-8647
>                       aim:PaulMdsn5
>                       web:connectid.blogspot.com
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
will.merydith at gmail.com

cell 641.233.7548

CTO - 3Mix.com
Blog - LivingInSmallSizes.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080411/8a8c39b5/attachment-0002.htm>

More information about the general mailing list