[OpenID] Problems with delegation and directed identity OPs
Martin Atkins
mart at degeneration.co.uk
Thu Nov 6 20:33:19 UTC 2008
Johannes Ernst wrote:
>
> On Nov 6, 2008, at 11:02, Martin Atkins wrote:
>
>> ...A good argument for not showing identifiers directly in the UI, I
>> guess.
>
> I disagree.
>
> http://netmesh.info/jernst/Digital_Identity/phriend-phishing.html
>
> Just like e-mail addresses, OpenID identifiers should be human-readable.
>
Indeed. One thing that came up in the "should email addresses be sent in
openid.identity" debate is that we can't display email addresses as we
can URLs.
However, I note that Google Code (and, I imagine, some other Google
properties too) manage to get away with using email addresses as public
identifiers without any major grief. In some cases the full email
address is masked but can be revealed by solving a CAPTCHA.
More information about the general
mailing list