Non-HTML Links

Martin Atkins mart at
Wed May 18 06:31:55 PDT 2005

Christopher Schmidt wrote:

>   1. It leads to confusion over what you might be authenticating
>   against. Even if I can be crschmidt at livejournal or
>   crschmidt at deadjournal or crschmidt at plogs, I don't want to be all of
>   those at once: I should pick one.

Remember that you're not authenticating as "crschmidt at livejournal", 
you're asking LiveJournal to assert that you are (for example) There's no implication that 
and are the same identity just because 
they are both being asserted by the same server.

By specifying multiple ID servers on your site, you are saying "all of 
these servers will tell you I'm". If you've listed and as your ID servers, the 
consumer might have on a blacklist of ID 
servers that it doesn't trust but be okay with using LiveJournal.

Both would result in you appearing as, assuming 
that those servers really do know you are you.

In the common case, where the consumer has no prejudice, it would be 
free to use whichever it wants -- probably the first encountered.

(we could also think about what happens if the ID server is temporarily 
unavailable, but asking consumers to make a bunch of different HTTP 
requests might be unreasonable/unsafe.)

More information about the yadis mailing list