Monday, January 21, 2008

Directed it ain't

According to Simon Willison (with confirmation), Yahoo! is using the ceremony of 'directed identity' (i.e. the user presents yahoo.com to the RP rather than user.yahoo.com) in its OpenID 2.0 support, but not the 'directedness': Yahoo! will return the same encrypted identifier for a user to each and every RP, thereby completely erasing all correlation inhibition value of the mechanism.

On the plus side, it will save Yahoo! some rows in its database.
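To make the difference concrete, here is an added sketch (not Yahoo!'s code, and not from the original post) comparing an opaque identifier that is the same for every RP with a pairwise one derived from the RP's realm. The secret, host name, user names, realms and all function names are constructed for illustration, and HMAC derivation is only one assumed way an OP could produce pairwise values.

```python
import hashlib
import hmac

# Constructed values for this sketch; a real OP would hold its own secret.
OP_SECRET = b"constructed-demo-secret"
OP_HOST = "https://op.example"
USERS = ["alice", "bob", "carol"]
REALM_A = "https://rp-a.example/"
REALM_B = "https://rp-b.example/"


def _opaque(*parts: str) -> str:
    """Keyed hash, so an RP can neither invert nor recompute the value."""
    msg = "\x00".join(parts).encode()
    return hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def global_identifier(user: str, realm: str) -> str:
    """Opaque but RP-independent: the realm is deliberately ignored."""
    return f"{OP_HOST}/id/{_opaque(user)}"


def directed_identifier(user: str, realm: str) -> str:
    """Pairwise: the RP's realm is mixed in, so each RP gets its own value."""
    return f"{OP_HOST}/id/{_opaque(user, realm)}"


def correlate(issue, users, realm_a, realm_b):
    """Users two RPs can link by joining their tables on claimed identifier."""
    seen_by_a = {issue(u, realm_a): u for u in users}
    linked = []
    for u in users:
        ident = issue(u, realm_b)
        if ident in seen_by_a:
            linked.append(seen_by_a[ident])
    return sorted(linked)


if __name__ == "__main__":
    print("same id for every RP:", correlate(global_identifier, USERS, REALM_A, REALM_B))
    print("pairwise id per RP:  ", correlate(directed_identifier, USERS, REALM_A, REALM_B))
```

In this sketch the pairwise value is derived on demand, so it needs no per-RP storage at the OP.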
