query parameters in identity URLs
paul at ciphergoth.org
Tue Jun 28 01:42:05 PDT 2005
Brad Fitzpatrick wrote:
> What should we do about it?
There's basically nothing you can do about it. OpenIDs are not "escape
resistant" or "expensive IDs" - in fact, they're just about the cheapest
IDs in the world. There's not much point in trying to make it difficult
for people to create new ones at will.
The most you could do would be to try and create measures that meant
that the owner of a particular domain could try and prevent their users
from creating more than one ID each in that domain. openid.canonical
would be one way of doing that - I'll discuss that separately.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis