On 6/5/07, Drummond Reed <[EMAIL PROTECTED]> wrote: > I supposed this doesn't apply to large sites, where all identifiers are > managed "in trust" for users and they can enforce non-access to previous > fragments. But for personal URLs it doesn't appear to work at all. Am I > missing anything?
Enabling recycling for large sites that control their own identifiers was the use case that was declared mandatory to cover for the OpenID 2.0 specification. I would personally like to have a solution that protects identifiers without a central manager, but that is not the case that is holding up OpenID 2.0. Josh _______________________________________________ specs mailing list email@example.com http://openid.net/mailman/listinfo/specs