Paul, actually Yahoo! appends something like "#f8407" to the end of those identity uris when negotiating authentication. So the uri retrieved back from Yahoo is not the same as the one sent.<br><br><div class="gmail_quote">
On Fri, Apr 11, 2008 at 3:49 PM, Paul Madsen <<a href="mailto:paulmadsen@rogers.com">paulmadsen@rogers.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Nate, the identifiers that Yahoo creates do not append randomness,<br>
but rather replace the non-randomness, e.g. my nickname<br>
<br>
Yahoo shows me 2 URIs I can use<br>
<br>
<a href="https://me.yahoo.com/mudmanish" target="_blank">https://me.yahoo.com/mudmanish</a><br>
<a href="https://me.yahoo.com/a/f5cCqMMk3cHENnlFB.2yrouEXWAl7KEe7hp84I.jA--" target="_blank">https://me.yahoo.com/a/f5cCqMMk3cHENnlFB.2yrouEXWAl7KEe7hp84I.jA--</a><br>
<br>
I assume (hope) that, were I to use the second at some RP, Yahoo! would<br>
subsequently give me a different one at another RP<br>
<font color="#888888"><br>
paul<br>
</font><div><div></div><div class="Wj3C7c"><br>
Nate Klingenstein wrote:<br>
> Paul,<br>
><br>
> I can appreciate the pseudonyms and the use of directed identity, but<br>
> how does this enhance the privacy of users, if it's really just an<br>
> appended string? Isn't it trivially more difficult to correlate by<br>
> simply truncating the URL? Maybe I'm misinterpreting something, but<br>
> if an RP turned rogue, I don't think that #abc123 would be much to<br>
> overcome.<br>
><br>
> Thanks,<br>
> Nate.<br>
>><br>
><br>
>> 1) the opaque characters you are seeing in the Yahoo OpenIDs support<br>
>><br>
>> enhanced privacy (by inhibiting correlation), its a feature called<br>
>><br>
>> 'directed identity'<br>
>><br>
>>><br>
>>> Yahoo! (and Flickr) - we've got it working, it would have been a snap<br>
>>><br>
>>> except that Yahoo! is appending an alpha numeric string to the end of<br>
>>><br>
>>> the identity URL. We cannot find documentation detailing the purpose<br>
>>><br>
>>> of that string.<br>
>>><br>
><br>
<br>
</div></div><div><div></div><div class="Wj3C7c">--<br>
Paul Madsen e:paulmadsen @ <a href="http://ntt-at.com" target="_blank">ntt-at.com</a><br>
NTT p:613-482-0432<br>
m:613-282-8647<br>
aim:PaulMdsn5<br>
web:<a href="http://connectid.blogspot.com" target="_blank">connectid.blogspot.com</a><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="mailto:will.merydith@gmail.com">will.merydith@gmail.com</a><br><br>cell 641.233.7548<br><br>CTO - 3Mix.com<br>Blog - LivingInSmallSizes.com