Consider google docs. You have the option to make a document readable/ writable to anybody with the URL. Imagine of creating an app similar to that. If you use openid now the openid provider stores the uuids in the web server logs.
I agree it is not a major concern but I am rising anyway so we can think about it. Massimo On Sep 18, 6:30 pm, Michele Comitini <[email protected]> wrote: > > Second, should we expose URLs to the openid provider? There could be a > > security implication there. > > I would consider this minor, you are already naked when you use third > party authorization... ;-)
