> Well, when I login my registered ID is www.voidspace.org.uk and *not*
> fuzzyman.myopenid.com - so I believe you are incorrect (and in fact this
> very point was touted as one of the advantages of openid - that your
> account is independent of your provider and that you *can* change
> provider whilst retaining the same id).

On the wire (between relying party and provider), voidspace.org.co.uk
never appears. From the OpenID 1.1 specification:

# Now, when a Consumer sees that, it'll talk to
# http://www.livejournal.com/openid/server.bml and ask if the End User
# is exampleuser.livejournal.com, never mentioning www.example.com
# anywhere on the wire.

So all I (as a relying party) get verified is fuzzyman.myopenid.com.
Why should I trust that voidspace.org.uk is actually a valid ID?
Can't you then produce hundreds of IDs, all delegating to the same
identity?

IOW, why should I (as a relying party) pay any attention to the ID
that you entered, rather than to what I get actually validated?

Regards,
Martin
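
The delegation flow discussed above, as an added example that is not part of the original message or of any OpenID library: it parses the OpenID 1.1 `openid.server` / `openid.delegate` link tags from a constructed page and shows which identifier reaches the provider and which one the relying party holds locally. The page content, the relying-party URLs and the `local_account_key` policy are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample: HTML a relying party might fetch from the claimed URL.
CLAIMED_ID = "http://www.example.com/"
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://exampleuser.livejournal.com/">
</head><body>home page</body></html>"""

class _LinkCollector(HTMLParser):
    """Collects the first href seen for each <link rel=...> value."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") and a.get("href"):
            for rel in a["rel"].lower().split():
                self.links.setdefault(rel, a["href"])

def discover(claimed_id, html):
    """Return the provider endpoint and the identity to send to it."""
    parser = _LinkCollector()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link on the claimed page")
    # Without a delegate link, the claimed URL is also the provider-side identity.
    identity = parser.links.get("openid.delegate", claimed_id)
    return {"claimed_id": claimed_id, "server": server, "identity": identity}

def checkid_url(disc, return_to, trust_root):
    """Build the checkid_setup redirect: only the delegate goes on the wire."""
    query = urlencode({
        "openid.mode": "checkid_setup",
        "openid.identity": disc["identity"],
        "openid.return_to": return_to,
        "openid.trust_root": trust_root,
    })
    return disc["server"] + ("&" if "?" in disc["server"] else "?") + query

def local_account_key(disc, asserted_identity):
    """Hypothetical RP policy: key the account on the claimed URL, but only if
    the provider asserted exactly the delegate found on that page."""
    if asserted_identity != disc["identity"]:
        raise ValueError("asserted identity does not match discovered delegate")
    return disc["claimed_id"]
```
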