Johannes Ernst at
Wed Aug 30 19:58:09 UTC 2006

Which reminds me that I've never quite understood what the attack is  
that the OpenID trust_root protects against. There seems to be no  
mechanism by which the user (or the IdP) could force the RP to only  
apply authentication to places covered by trust_root. And return_to  
already to where the authentication assertion goes.

Anybody enlightened on this list who'd like to enlighten me? Thanks ...

Johannes Ernst
NetMesh Inc.
