[OpenID] Bug in OpenID RP implementations
Eric Norman
ejnorman at doit.wisc.edu
Fri Jan 2 01:44:58 UTC 2009
On Jan 1, 2009, at 6:40 PM, Martin Atkins wrote:
> OpenID really needs a way to migrate from one identifier to another
> without breaking the connection to existing accounts.
If RPs do indeed include the "http(s)://" as part of their
account identifiers, then yep, there's a migration problem.
In any case, I suggest that y'all rethink the notion that
URLs that only differ by that "s" can represent different
entities. I note that the above statement about what
OpenID needs makes an implicit assumption that such URLs
would represent the same entity.
Eric Norman
More information about the general
mailing list