[OpenID] Combining Google & Yahoo user experience research

Peter Williams pwilliams at rapattoni.com
Tue Oct 21 17:44:00 UTC 2008


And there is the rub. YADIS is not performed by a browser. Formally, YADIS resolves Identifiers (which are generic URLs), of which HTTP URL is just one type. Nothing stops (as Netscape did, when creating https) other HTTP-like URL schemes.

We are being ultra formal at this point. Half the class already lost it (including me). Arguably, that's bad specification/writing.


-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of SitG Admin
Sent: Tuesday, October 21, 2008 8:58 AM
To: Johnny Bufu
Cc: general at openid.net
Subject: Re: [OpenID] Combining Google & Yahoo user experience research

>RPs can, using no more than OpenID 2.0, perform OpenID discovery on
>http(s)://user@example.com/

I don't think '@' is an allowable character in domain names. Also, an
older version of Internet Explorer used to interpret that as a
pre-specified login name for authentication and would hold onto those
values (usually two, i.e. 'username:password@') waiting for a prompt,
but actually SEND the string AFTER the '@'. This was eventually
removed because it posed a security problem; phishers would use URLs
such as 'msn.com/account/login@badsite.com' and IE would simply
ignore everything preceding the '@'!

-Shade
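
How a standards-based (RFC 3986) parser splits the URL shapes discussed in this thread, as an added example that is not part of the original messages. The function names, the refuse-userinfo policy, and the second sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def authority_parts(url):
    """Split an http(s) URL the RFC 3986 way: (userinfo, host, path)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("not an http(s) identifier: %r" % url)
    netloc = parts.netloc
    # Userinfo is everything in the authority before the last '@'.
    userinfo = netloc.rpartition("@")[0] if "@" in netloc else None
    return userinfo, parts.hostname, parts.path

def discovery_host(url):
    """Host a relying party would contact for this identifier.

    Assumed policy (not taken from the OpenID spec): refuse identifiers
    that carry userinfo, because the text before '@' is never the host.
    """
    userinfo, host, _ = authority_parts(url)
    if not host:
        raise ValueError("identifier has no host: %r" % url)
    if userinfo is not None:
        raise ValueError("userinfo %r precedes real host %r" % (userinfo, host))
    return host

# Sample inputs: the first and third are the strings quoted in the thread
# (with a scheme added); the second is constructed for this example.
SAMPLES = [
    "http://user@example.com/",
    "http://msn.com:login@badsite.com/",
    "http://msn.com/account/login@badsite.com",
]

if __name__ == "__main__":
    for url in SAMPLES:
        userinfo, host, path = authority_parts(url)
        print("%-45s userinfo=%r host=%r path=%r" % (url, userinfo, host, path))
        try:
            print("  discovery host:", discovery_host(url))
        except ValueError as exc:
            print("  rejected:", exc)
```

An '@' only changes the contacted host when it appears inside the authority; after the first '/' it is ordinary path data.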