On 5-Jun-07, at 8:00 AM, Recordon, David wrote:
I think the largest concern I have with fragments, or really any
pair-wise shared secret which can't be renegotiated, is that while it
solves issues for the large service providers it actually inhibits
OpenID within the grassroots community.
On 6/5/07, Recordon, David [EMAIL PROTECTED] wrote:
Imagine if I install WordPress (or insert other app here) on
https://davidrecordon.com and check the Use fragments to protect my
OpenID box. A few months later I decide to remove WordPress, or an
upgrade blows away my OpenID extension data,
On 5-Jun-07, at 11:12 AM, Josh Hoyt wrote:
On 6/5/07, Recordon, David [EMAIL PROTECTED] wrote:
Imagine if I install WordPress (or insert other app here) on
https://davidrecordon.com and check the Use fragments to protect my
OpenID box. A few months later I decide to remove WordPress, or an
On 5-Jun-07, at 11:58 AM, Josh Hoyt wrote:
The relying parties SHOULD make the fragment available to software
agents, at least, so that it's possible to compare identifiers across
sites. If the fragment is never available, then there is confusion
about which user of an identifier is
at the pretty one. I know I need to write this up
more...
--David
-Original Message-
From: Johnny Bufu [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 3:18 PM
To: Recordon, David
Cc: Josh Hoyt; Johannes Ernst; OpenID specs list
Subject: Re: The WordPress User Problem (WAS: RE: Specifying
