PROTECTED] On
Behalf Of Recordon, David
Sent: Tuesday, June 05, 2007 3:50 PM
To: Johnny Bufu
Cc: OpenID specs list
Subject: RE: The "WordPress" User Problem (WAS: RE: Specifying
identifierrecycling)
At that point I'd be concerned as to solving the "big OP issue" whil
uesday, June 05, 2007 3:50 PM
To: Johnny Bufu
Cc: OpenID specs list
Subject: RE: The "WordPress" User Problem (WAS: RE: Specifying
identifierrecycling)
At that point I'd be concerned as to solving the "big OP issue" while
not solving the "lost domain issue" wh
On 6/5/07, Drummond Reed <[EMAIL PROTECTED]> wrote:
> I supposed this doesn't apply to large sites, where all identifiers are
> managed "in trust" for users and they can enforce non-access to previous
> fragments. But for personal URLs it doesn't appear to work at all. Am I
> missing anything?
Ena
>Josh Hoyt wrote:
>
>The fragment is not secret. It is not "protecting" your OpenID. You
>should be able to get the fragment from any relying party that you
>visited. You might choose to use a fragment if you have acquired a
>recycled identifier, but you can choose the fragment. It protects
>*nothi