I wasn't at IIW, so please bear with me. In reference to the wiki at http://openid.net/wiki/index.php/IIW2007a/Identifier_Recycling, can somebody clarify what some of the terminology means? Specific questions are below.

1.) For URL+Fragment, what is the distinction between "private" and "public"?

2.) Ditto for URL+Token (I assume this means a public vs. private token?)

3.) What does "DE" mean in the "Does not require change to DE"?

4.) In the "Stolen OP account" header, it appears that all 4 of the proposed methods have problems. However, do we really want an identifier to be recycled if an account is stolen (i.e., what if an account is only stolen for a brief period, but then recovered?)

4.) What is "Active Recycling"?

5.) In the "New DB Field" header, doesn't an OP/RP need a new DB field in the fragment scheme, in order to distinguish between the id and the current fragment? Or does the OP/RP simply store the whole URL (fragment included) and parse as necessary?

6a.) What is "MO" in "MO Strip Fragment"?

6b.) What does the "MO Strip Fragment" header mean in general?

Thanks!

David

_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs