Josh Hoyt wrote:
The fragment is not secret. It is not protecting your OpenID. You
should be able to get the fragment from any relying party that you
visited. You might choose to use a fragment if you have acquired a
recycled identifier, but you can choose the fragment. It protects
*nothing* if
On 6/5/07, Drummond Reed [EMAIL PROTECTED] wrote:
I supposed this doesn't apply to large sites, where all identifiers are
managed in trust for users and they can enforce non-access to previous
fragments. But for personal URLs it doesn't appear to work at all. Am I
missing anything?
Enabling
, 2007 3:50 PM
To: Johnny Bufu
Cc: OpenID specs list
Subject: RE: The WordPress User Problem (WAS: RE: Specifying
identifierrecycling)
At that point I'd be concerned as to solving the big OP issue while
not solving the lost domain issue when some of the proposals could
possible solve both
