Third, it suggests that whatever metadata the user doesn't provide herself, a site author may attempt to harvest elsewhere.
Which is something we need to establish best practices around, to discourage just that: the *attempt* to harvest correlating (meta)data elsewhere. Site authors who mix up authentication data and accidentally commit identity theft on the user's behalf will not be admired.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
