[OpenID] Flickr / Yahoo OpenID implementation
Eran Hammer-Lahav
eran at hueniverse.com
Tue Jan 13 07:08:33 UTC 2009
That pattern is by design and not a bug.
What’s broken is the complete package, and it is mostly a subjective view.
EHL
From: Eddy Nigg (StartCom Ltd.) [mailto:eddy_nigg at startcom.org]
Sent: Monday, January 12, 2009 11:07 PM
To: Eran Hammer-Lahav
Cc: general at openid.net
Subject: Re: [OpenID] Flickr / Yahoo OpenID implementation
On 01/13/2009 08:40 AM, Eran Hammer-Lahav:
OpenID is a little/very/completely broken when it comes to its handling of Claimed Identifiers. The level of how broken depends on your use case and threat model. It is also inconsistent in that if you use your blog URL (custom domain name) as an OpenID, but the hosting service you use redirects to another domain (for example, you use http://example.com as your blog, but your service is serving it off http://example.blogservice.com or http://blogservice.com/example), the RP has to use the redirected URL and not the one you entered.
Correct! And this is by design, it's not broken. And don't even think about changing this pattern :-)
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
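The redirect behaviour discussed in this thread, as an added example that is not part of the original messages: a relying party normalizes what the user typed, follows redirects, and keys the account on the final URL. The redirect table, `MAX_HOPS`, and the function names are constructed for illustration; a real RP would obtain the redirects from HTTP 3xx responses during discovery.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for HTTP 3xx responses, so the example runs offline.
REDIRECTS = {"http://example.com/": "http://example.blogservice.com/"}
MAX_HOPS = 5  # assumed limit; bounds redirect chains so discovery cannot be stalled


def normalize(user_input):
    """Default to http, lowercase scheme and authority, drop the fragment,
    and use "/" for an empty path (sample inputs carry no userinfo)."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s
    p = urlsplit(s)
    if p.scheme.lower() not in ("http", "https") or not p.hostname:
        raise ValueError("not an http(s) identifier: %r" % user_input)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def claimed_identifier(user_input, redirects=REDIRECTS):
    """Return (claimed_id, chain): the final URL after redirects and every URL visited."""
    url = normalize(user_input)
    chain = [url]
    for _ in range(MAX_HOPS):
        if url not in redirects:
            return url, chain
        url = normalize(redirects[url])
        if url in chain:
            raise ValueError("redirect loop at " + url)
        chain.append(url)
    if url in redirects:
        raise ValueError("too many redirects")
    return url, chain


def account_key(user_input, redirects=REDIRECTS):
    """The RP stores the account under the redirected URL, not the typed one."""
    return claimed_identifier(user_input, redirects)[0]


if __name__ == "__main__":
    for typed in ("example.com", "http://EXAMPLE.blogservice.com"):
        print(typed, "->", account_key(typed))
```

Both inputs resolve to the same account key, which also means that if the hosting service changes its redirect target, the same typed URL yields a different claimed identifier at the RP.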