against using user@host identifiers

Martin Atkins mart at degeneration.co.uk
Thu Jun 2 15:37:56 PDT 2005


Brad Fitzpatrick wrote:
> 
> If a user entered:
> 
>    Username: [ brad   ]  From (OpenID server): [ livejournal.com ]
> 
> Then a consumer could hit http://livejournal.com/openid.xml
> 
> And get back:
> 
>     <openid-server-info>
>      ....
>       <url-map>http://www.livejournal.com/users/######</url-map>
>      .....
> 

Yuck.



More information about the yadis mailing list