Inconsistencies found in Yahoo's OpenID HTTP Headers. Certain security features are different than expected or missing.
I'm comparing the OpenID headers of various providers and noticed some inconsistencies with Yahoo's implementation of OpenID. I've started a public discussion on the matter at the following link. Your insight into the matter is much appreciated