[OpenID] "Nightmare" article on OpenID
John Bradley
ve7jtb at ve7jtb.com
Thu Nov 18 00:55:03 UTC 2010
The value of openid.realm is used to determine the value of the persistent userID returned by Google.
There is a PAPE parameter that can trigger the same behaviour in other OP where the RP doesn't want a correlatable identifier (some Gov sites ).
Google is the only OP that is currently doing that by default, that I know of.
I know that you can now use a custom openID URL, but that requires the user to rebind their account at the RP.
The topic of identifier migration has been discussed quite a bit recently.
John B.
On 2010-11-17, at 9:01 PM, Bill Shupp wrote:
> http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened
>
> I'm curious about the claim that Google's unique identifiers changed, and he lost access to his users. Does anyone know if there's anything to that? I thought that was bound to the realm or return_to parameter.
>
> Cheers,
>
> Bill
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20101117/32778575/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20101117/32778575/attachment.bin>
More information about the general
mailing list