[OpenID] Recommendation for future OpenID spec
Andrew Arnott
andrewarnott at gmail.com
Wed Feb 11 01:21:09 UTC 2009
Shade,
Thanks for your thoughts. The point of these testing-only Identifiers would
be that no authentication of the user agent would take place. Adding an
openid.testing_only=true parameter would not accomplish anything, because if
it did, I could take your OpenID, tack on openid.testing_only, and suddenly
be able to get the OP to assert your identity although it isn't you. That
obviously isn't acceptable.
And personally, I have no reservation whatsoever with reserving
TestIdentifierAlwaysAssert as a test identifier at every OP. Really, come
on, it's not like there's a lack of space in the identifier namespace out
there, and if someone actually wanted that as their identifier, tough. I
wanted "Andrew" too, but that was taken. I move on.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
On Tue, Feb 10, 2009 at 4:34 PM, SitG Admin <sysadmin at shadowsinthegarden.com> wrote:
> Thoughts like 'openid.testing_only=true' and "What if I *want* to be known
> across the web as http://shadowsinthegarden.com/TestIdentifierAlwaysAssert?
> Help! The specs are killing perfectly valid ASCII sequences for URIs!" are
> crossing my mind, but nothing solid.
>
> -Shade
>