I didn't find the Google response on the OpenID list particularly convincing - essentially that if the user does mistakenly give their IDP password to the RP, then the RP can just alert the user to this, and so teach them proper behaviour.
Warning: it seems that you have mistakenly provided us with your AOL password. When logging in to Buy.com through your AOL.com account, you should only present this password to AOL. To reinforce this lesson, please provide the following additional identity attributes in order to allow us to chastise you more completely.- SSN- Blood type- Sexual Orientation
No comments:
Post a Comment