The problem is that to every RP, security IS important.  To them.

The *real* problem is their inevitable corollary: that convenience is *more* important.

-Shade inserts an excerpt from the specs list below

At 5:43 PM -0800 12/10/09, Allen Tom wrote:
If I was building an RP, I would definitely download and cache the profile
image for the privacy and security reasons that you stated.

However, many RPs have asked if they can directly link to the profile pic,
because image hosting costs money, and downloading and caching requires work
and effort. Also, some RPs would like to have the image automatically
updated if the user changes it.

_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
