Johnny Bufu wrote:
> We did look at this (with Drummond) in December. The bottom line is  
> that it can't be done easily - a mechanism similar to XRI's canonical  
> ID verification would have to be employed, to confirm that the i- 
> number actually 'belongs' to the URL on which discovery was  
> initiated. (Otherwise anyone could put any i-number in their URL- 
> based XRDS files.)

Indeed, CanonicalID verification would be necessary, but it's already 
necessary if you want to accept XRI-based logins anyway.

Last time we were talking about this CanonicalID verification for XRI 
was not yet specified. Is it now specified somewhere?

specs mailing list

Reply via email to