[OpenID] Yahoo hijacking?

Allen Tom atom at yahoo-inc.com
Sat Apr 19 01:58:18 UTC 2008


SitG Admin wrote:
>> This realm discovery feature was added to patch a security hole in 
>> OpenID 1.1, and is one of the main reasons why Yahoo does not support 
>> OpenID 1. More details here:
>>
>> http://openid.net/pipermail/security/2007-February/000241.html
>
> Is this feature exclusive to Yahoo, or is it part of the 2.0 specs?
>
> -Shade

This feature is defined in Section 13 of the OpenID 2.0 spec.

http://openid.net/specs/openid-authentication-2_0.html#rp_discovery

It's really a good idea for OPs to implement this.

Allen
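
An added example, not part of the original post or any OP's code: a sketch of the OP-side check that Section 13 relying party discovery enables, confirming that the return_to URL in a request matches an endpoint the realm publishes in its XRDS document. The sample XRDS, the rp.example.com host, and the function names are constructed for illustration; fetching the realm URL is left out and the document is passed in as text.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 XML namespace

# Constructed sample: XRDS document served at the realm URL of a hypothetical RP.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>https://rp.example.com/openid/return</URI>
    </Service>
    <Service>
      <Type>http://example.com/unrelated</Type>
      <URI>https://rp.example.com/other</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def rp_endpoints(xrds_text):
    """URIs of every Service advertising the return_to type."""
    # The XRDS is untrusted input: use a hardened XML parser in production.
    found = []
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD + "Type") if t.text]
        if RETURN_TO_TYPE in types:
            found += [u.text.strip() for u in svc.findall(XRD + "URI") if u.text]
    return found

def _parts(url):
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname or "", port), p.path or "/"

def matches_endpoint(return_to, endpoint):
    """Realm-style match, with the endpoint as a realm that has no wildcard."""
    (r_origin, r_path), (e_origin, e_path) = _parts(return_to), _parts(endpoint)
    if "*" in e_origin[1] or r_origin != e_origin:
        return False
    prefix = e_path if e_path.endswith("/") else e_path + "/"
    return r_path == e_path or r_path.startswith(prefix)

def verify_return_to(return_to, xrds_text):
    """True only if return_to falls under a discovered RP endpoint."""
    return any(matches_endpoint(return_to, ep) for ep in rp_endpoints(xrds_text))
```

An OP that gets False here cannot confirm that the return_to URL belongs to the realm it is about to show the user.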