[OpenID] EU regulators call for tighter privacy provisions onOpenID, Facebook (U)
Andrew Arnott
andrewarnott at gmail.com
Fri Jun 19 05:26:10 UTC 2009
On Thu, Jun 18, 2009 at 9:41 PM, Allen Tom <atom at yahoo-inc.com> wrote:
> Well, the spec does allow the OP to ignore the claimed identifier and to
> just treat all requests as an OP-identifier.
>
If it does, then I don't like that part of the spec. IMO if the RP wanted
to use an OP Identifier it could have used one. But if an RP needs to
verify that a user controls a particular identifier, then it loses that
ability for OPs that ignore the claimed_id in the request.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090618/0491b376/attachment.htm>
More information about the general
mailing list