Blog URI, is it necessary?

Ben Hyde bhyde at
Mon May 23 11:35:59 PDT 2005

On May 20, 2005, at 1:21 PM, Martin Atkins wrote:
> Ben Hyde wrote:
>>> Alice needs to provide a unique URL that she has implied control 
>>> over. This keeps a 1:1 mapping between a URL and a "user." 
>>> LiveJournal can't go around asserting for 
>>> everyone.
>> What would that break?
>> Longer form: what would break if the returned openid.assert_identity 
>> wasn't identical to sent openid.is_identity?
> That would turn the question from "Is Alice and LiveJournal logged 
> in?" to "Which LiveJournal user is logged in?".
> There's a privacy concern there, which is why you are required to ask 
> for a particular user.

Interesting.  When the user enters her URL she is granting permission 
to the site to attempt to authentication.   Sites might be tempted to 
auth without permission.   They might guess her URL, either because 
it's not particularly unique or because they found it via some back 
channel.  hm.

  - ben

  I forecast sunny weather!

More information about the yadis mailing list