RE: The WordPress User Problem (WAS: RE: Specifying identifierrecycling)

2007-06-05 Thread =drummond.reed
Josh Hoyt wrote: The fragment is not secret. It is not protecting your OpenID. You should be able to get the fragment from any relying party that you visited. You might choose to use a fragment if you have acquired a recycled identifier, but you can choose the fragment. It protects *nothing* if

Re: The WordPress User Problem (WAS: RE: Specifying identifierrecycling)

2007-06-05 Thread Josh Hoyt
On 6/5/07, Drummond Reed [EMAIL PROTECTED] wrote: I supposed this doesn't apply to large sites, where all identifiers are managed in trust for users and they can enforce non-access to previous fragments. But for personal URLs it doesn't appear to work at all. Am I missing anything? Enabling

RE: The WordPress User Problem (WAS: RE: Specifying identifierrecycling)

2007-06-05 Thread =drummond.reed
, 2007 3:50 PM To: Johnny Bufu Cc: OpenID specs list Subject: RE: The WordPress User Problem (WAS: RE: Specifying identifierrecycling) At that point I'd be concerned as to solving the big OP issue while not solving the lost domain issue when some of the proposals could possible solve both

RE: The WordPress User Problem (WAS: RE: Specifying identifierrecycling)

2007-06-05 Thread Recordon, David
: Tuesday, June 05, 2007 3:50 PM To: Johnny Bufu Cc: OpenID specs list Subject: RE: The WordPress User Problem (WAS: RE: Specifying identifierrecycling) At that point I'd be concerned as to solving the big OP issue while not solving the lost domain issue when some of the proposals could possible