> Well, when I login my registered ID is www.voidspace.org.uk and *not* > fuzzyman.myopenid.com - so I believe you are incorrect (and in fact this > very point was touted as one of the advantages of openid - that your > account is independent of your provider and that you *can* change > provider whilst retaining the same id). On the wire (between relying party and provider), voidspace.org.co.uk does never appear. From the OpenID 1.1 specification: # Now, when a Consumer sees that, it'll talk to # http://www.livejournal.com/openid/server.bml and ask if the End User # is exampleuser.livejournal.com, never mentioning www.example.com # anywhere on the wire. So all I (as a relying party) get verifyied is fuzzyman.myopenid.com. Why should I trust that voidspace.org.uk is actually a valid ID? Can't you then produce hundreds of IDs, all delegating to the same identity? IOW, why should I (as a relying party) pay any attention to the ID that you entered, rather than to what I get actually validated? Regards, Martin
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4