On 10-Oct-06, at 11:29 AM, Martin Atkins wrote: > Dick Hardt wrote: >> >> Given that a Google of the delegate tag will yield all URLs >> containing it, >> there is no value in hiding delegation anymore. >> > > If I considered it important enough, I could restrict access to my > Yadis > document to only one party using various techniques, thus preventing > search engines and the IdP from reading the data inside. > > Admittedly, this is a lot more effort than most users are likely to > go to.
I think that it is possible, but impractical -- and not sure it provides any advantage. The IdP knows you are going to the RP. It just does not know which Identifier you are using at the RP, but it does know the delegate that you are using. I'm not sure what significant information this hides from the IdP. -- Dick _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs