ugly" URL
which points back at the pretty one. I know I need to write this up
more...
--David
-Original Message-
From: Johnny Bufu [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 3:18 PM
To: Recordon, David
Cc: Josh Hoyt; Johannes Ernst; OpenID specs list
Subject: Re: Th
On 5-Jun-07, at 11:58 AM, Josh Hoyt wrote:
> The relying parties SHOULD make the fragment available to software
> agents, at least, so that it's possible to compare identifiers across
> sites. If the fragment is never available, then there is confusion
> about which user of an identifier is respons
specs list
Subject: Re: The "WordPress" User Problem (WAS: RE: Specifying
identifier recycling)
On 6/5/07, Johnny Bufu <[EMAIL PROTECTED]> wrote:
> > The fragment is not secret. It is not "protecting" your OpenID. You
> > should be able to get the fragment fro
On 6/5/07, Johnny Bufu <[EMAIL PROTECTED]> wrote:
> > The fragment is not secret. It is not "protecting" your OpenID. You
> > should be able to get the fragment from any relying party that you
> > visited.
>
> I believe David's point is that you cannot retrieve the fragment from
> the RP if you hav
On 5-Jun-07, at 11:12 AM, Josh Hoyt wrote:
> On 6/5/07, Recordon, David <[EMAIL PROTECTED]> wrote:
>> Imagine if I install WordPress (or insert other app here) on
>> https://davidrecordon.com and check the "Use fragments to protect my
>> OpenID" box. A few months later I decide to remove WordPre
On 6/5/07, Recordon, David <[EMAIL PROTECTED]> wrote:
> Imagine if I install WordPress (or insert other app here) on
> https://davidrecordon.com and check the "Use fragments to protect my
> OpenID" box. A few months later I decide to remove WordPress, or an
> upgrade blows away my OpenID extension
On 5-Jun-07, at 8:00 AM, Recordon, David wrote:
> I think the largest concern I have with fragments, or really any
> pair-wise shared secret which can't be renegotiated, is that while it
> solves issues for the large service providers it actually inhibits
> OpenID within the grassroots community.
