I wasn't at IIW, so please bear with me.

In reference to the wiki at
http://openid.net/wiki/index.php/IIW2007a/Identifier_Recycling, can somebody
clarify what some of the terminology means?  Specific questions are below.

1.) For URL+Fragment, what is the distinction between "private" and

2.) Ditto for URL+Token (I assume this means a public vs. private token?)

3.) What does "DE" mean in the "Does not require change to DE"?

4.) In the "Stolen OP account" header, it appears that all 4 of the proposed
methods have problems.  However, do we really want an identifier to be
recycled if an account is stolen (i.e., what if an account is only stolen
for a brief period, but then recovered)?

4.) What is "Active Recycling"?

5.) In the "New DB Field" header, doesn't an OP/RP need a new DB field in
the fragment scheme, in order to distinguish between the id and the current
fragment?  Or does the OP/RP simply store the whole URL (fragment included)
and parse as necessary?

6a.) What is "MO" in "MO Strip Fragment"?

6b.) What does the "MO Strip Fragment" header mean in general?

