- changed status to open
"NOT FOUND" special value for openid2_id looks dangerous
Section 4.1.2. "No Associated OpenID 2.0 Identifier Found" says a special value "NOT FOUND" should be used in the openid2_id member. This feels dangerous and unnecessary. It is dangerous as in all other situations the openid2_id value is assumed to be an unambiguous account identifier. I can imagine code assuming openid2_id is unambiguous and being tricked into thinking all transactions with "NOT FOUND" refer to the same account.
Omitting the openid2_id member when there is no proper value seems like the most sensible solution. If an explicit indication of no OpenID 2.0 identifier is really required, a different member name could be defined (e.g. "no_openid2_id":true).
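The failure mode described in this issue, as an added example that is not part of the original report or of the specification: a relying party that keys legacy accounts on openid2_id, shown once trusting the value as-is and once treating both the "NOT FOUND" value and a missing member as "no identifier". The function names, the issuer URL and the sample claims are constructed for illustration.

```python
# Added illustration; all names here are hypothetical, not from the spec or a library.
NOT_FOUND_SENTINEL = "NOT FOUND"  # special value described in Section 4.1.2


def naive_account_key(claims):
    """Assumes openid2_id is always an unambiguous account identifier."""
    return claims.get("openid2_id")


def safe_account_key(claims):
    """Return the OpenID 2.0 identifier, or None when the token carries none."""
    value = claims.get("openid2_id")
    if not isinstance(value, str) or not value.strip():
        return None  # member omitted, empty, or not a string
    if value == NOT_FOUND_SENTINEL:
        return None  # sentinel means "no identifier", never a lookup key
    return value


def link_accounts(tokens, key_fn):
    """Map each legacy account key to the (iss, sub) pairs that claimed it."""
    links = {}
    for claims in tokens:
        key = key_fn(claims)
        if key is None:
            continue  # nothing to migrate for this user
        links.setdefault(key, set()).add((claims["iss"], claims["sub"]))
    return links


def shared_keys(links):
    """Legacy keys claimed by more than one distinct user: account confusion."""
    return {key: users for key, users in links.items() if len(users) > 1}


# Constructed sample ID Token claims from one OP (https://op.example is made up).
OP = "https://op.example"
SAMPLE_TOKENS = [
    {"iss": OP, "sub": "alice", "openid2_id": "https://op.example/id/alice"},
    {"iss": OP, "sub": "bob", "openid2_id": "NOT FOUND"},
    {"iss": OP, "sub": "carol", "openid2_id": "NOT FOUND"},
    {"iss": OP, "sub": "dave"},  # member omitted, as proposed in this issue
]

if __name__ == "__main__":
    print("naive:", shared_keys(link_accounts(SAMPLE_TOKENS, naive_account_key)))
    print("safe: ", shared_keys(link_accounts(SAMPLE_TOKENS, safe_account_key)))
```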
Comments (4)
Omitting the openid2_member when it is not found seems like a clean solution.
- changed status to resolved
Migration: Fixed
#962 - "NOT FOUND" special value for openid2_id looks dangerous → <<cset 01115620925a>>
Discuss on list. This violates the format for a URI and is treated as an XRI by the spec.