query parameters in identity URLs

Paul Crowley paul at ciphergoth.org
Tue Jun 28 01:42:05 PDT 2005

Brad Fitzpatrick wrote:
> What should we do about it?

There's basically nothing you can do about it.  OpenIDs are not "escape 
resistant" or "expensive IDs" - in fact, they're just about the cheapest 
IDs in the world.  There's not much point in trying to make it difficult 
for people to create new ones at will.

The most you could do would be to try and create measures that meant 
that the owner of a particular domain could try and prevent their users 
from creating more than one ID each in that domain.  openid.canonical 
would be one way of doing that - I'll discuss that separately.
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list