Hi Martin,

The intent is to be able to identify applications which were not deliberately designed to be malicious. Well-designed malicious apps would piggyback off of another app's CK or just cycle through a list of CKs to evade detection.
However, there have been occasions where legitimate apps behave strangely, and we'd like to be able to contact the developer of the app for more information. Having the CK present in the server logs makes it a lot easier for us to diagnose problems on our side, especially if we're able to use the CK to look up information about the app and its developer. We've also seen apps that are well intentioned, but extremely buggy. It's very helpful to be able to easily identify requests originating from these apps if we need to disable them.

Allen

Martin Atkins wrote:
> If I make a dangerous app using the consumer key from a popular
> application, would you black list that key and inconvenience all of its
> users?
>
> (I doubt it.)
>
>
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs