On 02/22/2013 10:43 PM, Jay Ashworth wrote:
So, then, all OpenID guarantees is "this provider
says it's the same person
it was last time"?
The exact semantics is, IIRC, "that person has presented credential to
us we accept as identifying them as our user $IDENTIFIER". Whether the
client trusts that $IDENTIFIER is reasonably stable for their purposes,
or that they trust our word, is their call.
-- Marc