When you don't have anything nice to say, well then perhaps its time consider a career as an analyst.
Monday, January 21, 2008
Directed it ain't
According to Simon Willison (with confirmation), Yahoo! is using the ceremony of 'directed identity' (i.e. user presents yahoo.com to RP rather than user.yahoo.com) in its OpenID 2.0 support, but not the 'directedness' (as Yahoo! will return the same encrypted identifier for a user to each and every RP and thereby completely erase all correlation inhibition value of the mechanism).
On the plus side, it will save Yahoo! some rows in its database.