[OpenID] Flickr / Yahoo OpenID implementation
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Tue Jan 13 07:07:01 UTC 2009
On 01/13/2009 08:40 AM, Eran Hammer-Lahav:
>
> OpenID is a little/very/completely broken when it comes to its
> handling of Claimed Identifiers. The level of how broken depends on
> your use case and threat model. It is also inconsistent in that if you
> use your blog URL (custom domain name) as an OpenID, but the hosting
> service you use redirects to another domain (for example, you use
> http://example.com as your blog, but your service is serving it off
> http://example.blogservice.com or http://blogservice.com/example), the
> RP has to use the redirected URL and not the one you entered.
>
Correct! And this is by design, it's not broken. And don't even think
about changing this pattern :-)
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
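
The behaviour discussed above (the RP takes the URL reached after redirects as the Claimed Identifier, not the URL the user typed), as an added example that is not part of the original message or of any OpenID library. It covers URL identifiers only, and the redirect table, `MAX_REDIRECTS` and all function names are assumptions standing in for real HTTP 3xx handling.

```python
from urllib.parse import urlsplit, urlunsplit, urljoin

# Constructed redirect table standing in for HTTP 3xx responses (sample data).
SAMPLE_REDIRECTS = {
    "http://example.com/": "http://example.blogservice.com/",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}

MAX_REDIRECTS = 5  # assumption: a limit chosen by the RP


def normalize(user_input):
    """Normalize a URL identifier: add scheme, lowercase scheme and authority,
    use "/" for an empty path, drop the fragment."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s
    parts = urlsplit(s)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme")
    path = parts.path or "/"
    return urlunsplit((parts.scheme, parts.netloc.lower(), path, parts.query, ""))


def resolve_claimed_id(user_input, redirects=SAMPLE_REDIRECTS):
    """Return (claimed_id, chain); claimed_id is the URL after all redirects."""
    url = normalize(user_input)
    chain = [url]
    while url in redirects:
        if len(chain) > MAX_REDIRECTS:
            raise ValueError("too many redirects")
        url = normalize(urljoin(url, redirects[url]))
        if url in chain:
            raise ValueError("redirect loop")
        chain.append(url)
    return url, chain


def same_account(stored_claimed_id, user_input, redirects=SAMPLE_REDIRECTS):
    """RP account lookup: compare the stored identifier with the
    post-redirect URL, never with the URL as typed."""
    claimed_id, _ = resolve_claimed_id(user_input, redirects)
    return claimed_id == stored_claimed_id
```

An account keyed on the typed URL would not match here: the identifier the RP ends up with for `example.com` is `http://example.blogservice.com/`.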