[OpenID] Claimed Identifiers and Query String Parameters

[SitG Admin]

>Although mine is andrewarnott, it could have been 
><http://noGuy1.myopenid.com>noGuy1.myopenid.com, which wouldn't help 
>you any more than 
><https://me.yahoo.com/a/cJASAdp4x5Rx6CU9olKi7rMkG1TX_7Yl1kQ->https://me.yahoo.com/a/cJASAdp4x5Rx6CU9olKi7rMkG1TX_7Yl1kQ- to 
>figure out who this guy is or whether he's just trying to take 
>advantage of your RP.

In the code, no - automation based on lack of understanding just 
automates making the same mistakes. I didn't want to have the 
Consumer automatically detect and reject Directed Identity, just give 
users the gentle suggestion that, since the anonymity factor of 
Directed Identity (as I'd seen it used by Yahoo) makes it impossible 
to confirm or deny their association with their actual account (with 
the OP/site), I wouldn't be able to assign them any special 
privileges reserved for the Identity they had a page for. This way, I 
could actually assign those privileges in *advance* (of their ever 
logging in), but not miss them too easily just because they decided 
to log in with Directed Identity instead of claiming their Identity 
page.

>In fact Yahoo can issue ordinary-looking claimed IDs.  It just 
>recommends to its users when they first set up their OpenID account 
>that the users opt out of that option.

As long as Yahoo isn't issuing user-selected claimed ID's that are 
identical to the URI's any other user might claim as their public, 
acknowledged (Flickr?) page, and lets users opt back *in* if they 
change their minds later, this looks fine :)

-Shade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080903/5da6636a/attachment-0002.htm>