Josh Hoyt wrote:
Actually I think this is a consequence of using URLs as identifiers and wanting to use my site to host the portable identifiers - you're probably thinking separate domains per portable identifier or using some well known IdP. Each identifier can be correlated by inference in this case since they are on the same site. Non-correlatable identifiers would need to either be on separate sites or be hosted as a service and thereby taking advantage of the "lost in the crowd" effect.On 10/25/06, Pete Rowley <[EMAIL PROTECTED]> wrote:Josh Hoyt wrote: > If the user uses different IdP-specific identifiers for each portable > identifier, I don't see how they can be correlated.Unless I mis-understand the the OpenID discovery mechanism - at the point of discovery, which can be done out of band in a spider like web harvesting fashion. Any one discovery point contains your identity map.I think you misunderstand it. Each identifier specifies the IdP and possibly IdP-specific identifier to use for itself. There is no global "identity map."
-- Pete
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs