[OpenID] Recommendation for future OpenID spec
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Feb 11 02:29:27 UTC 2009
>Adding an openid.testing_only=true parameter would not accomplish
>anything, because if it did, I could take your OpenID, tack on
>openid.testing_only, and suddenly be able to get the OP to assert
>your identity although it isn't you. That obviously isn't
>acceptable.
I'm having another not-solid thought about NIST level negative one,
but I'm squashing it.
I can see how enabling test mode could be problematic for multi-user
Providers; also, such a check would have burdened libraries that
otherwise need not concern themselves with whether such an argument
is present or not.
-Shade
More information about the general
mailing list