OpenID Hybrid v2 Proposal (formerly known OpenID Connect)
Allen Tom
atom at yahoo-inc.com
Thu May 27 15:43:44 UTC 2010
There's nothing to stop users from choosing a long identifier composed of
random characters from the base64 character set. In practice, this doesn't
seem that happen that often...
Allen
On 5/26/10 5:26 PM, "SitG Admin" <sysadmin at shadowsinthegarden.com> wrote:
>> Users who want to use their Flickr Photostream url as an OpenID are "forced"
>> to pick a vanity Flickr URL.
>
> So there's nothing to stop them from picking a vanity Flickr URL that
> is indistinguishable from a machine-generated, "not for human
> consumption" URL?
>
> We say "human readable" but I think what it means is "CAN be human
> readable", in the technical sense that it is not prevented outright.
> There is still no assurance, even before mixing different languages
> into this, that other humans will find it to be "readable".
More information about the specs
mailing list