<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Hi Simon,<br><br>No. The auto generated URL will remain the same (for all RPs) for a user. <br>We are using the "directed identity" feature to make it easier for a user to sign in. The user only has to type in "yahoo.com" or click on a <a href="http://developer.yahoo.com/openid/loginbuttons.html">button </a> that RP adds to his/her site and we'll send the right url identifier back after authentication.<br><br>Thanks<br><br>Naveen<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: Simon Willison <simon@simonwillison.net><br>To: Peter Williams <pwilliams@rapattoni.com><br>Cc: sknvn-openid@yahoo.com; Hans Granqvist
<hans@granqvist.com>; openid-general <general@openid.net><br>Sent: Friday, January 18, 2008 3:39:56 PM<br>Subject: Re: [OpenID] Opt out of Yahoo OpenID?<br><br>
On
1/18/08,
Peter
Williams
<<a ymailto="mailto:pwilliams@rapattoni.com" href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>>
wrote:<br>>
We
cannot
say
that
this
is
not
openid
(the
use
of
a
uri
element
that
could
be
ciphertext).
I
assume
it
has
the
same
purpose
as
the
pseudonym
name
format
in
the
saml
standard.
What
we
should
perhaps
question
is
whether
openid
is
deficient
in
its
use-case
work
given
it
did
not
standardize
what
yahoo
felt
compelled
to
add<br><br>As
I
understand
it,
the
thing
Yahoo!
are
doing
(providing
a
unique<br>one-time
OpenID
for
each
user
on
a
per-site
basis,
to
prevent
third<br>parties
from
correlating
user
behaviour
across
multiple
sites
without<br>the
user's
permission)
is
an
intended
consequence
of
the
OpenID
2.0<br>specification.
The
official
term
for
it
is
"directed
identity",
but<br>it's
not
widely
understood
(in
fact
that
term
isn't
used
in
the
OpenID<br>2.0
specification
at
all).
It
would
be
useful
if
this
concept
was<br>expanded
upon
in
a
set
of
design
notes
(or
similar)
to
accompany
the<br>specification.<br><br>There's
a
thread
about
directed
identity
here:<br><br><a href="http://openid.net/pipermail/general/2006-November/thread.html#541" target="_blank">http://openid.net/pipermail/general/2006-November/thread.html#541</a><br></div><br></div></div></body></html>