security - ClaimedIdentifier vs FriendlyIdentifier for storing in DB? Which is safer?


I'm using OpenID 2.0 in my application. I need to save the OpenID identifier value in the DB to verify the user. I can save the email; saving the ClaimedIdentifier seems to be the approach.

Why is it safe to use ClaimedIdentifier and not FriendlyIdentifier for storing in the DB? What difference does it make?

I have both values in my application, but many posts say to avoid using FriendlyIdentifier due to security issues. What security issues can ClaimedIdentifier overcome that FriendlyIdentifier cannot?

I figured this one out too: truncating the OpenID friendly identifier and saving a random string in the DB might cause scripting issues if someone has replicated the Intuit OpenID URL format and passed scripting values. It is better to save the full unique claimed identifier value (https), then fetch and truncate it to match the user.
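The difference discussed above, as an added example that is not part of the original post and not any library's code: accounts are keyed by the exact claimed identifier, and a shortened form is produced only for display and HTML-escaped. The `friendly()` shortener, the `AccountStore` class and every identifier below are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

def friendly(claimed_id):
    """Hypothetical display shortener: drops scheme, fragment, trailing slash."""
    parts = urlsplit(claimed_id)
    return (parts.netloc + parts.path).rstrip("/")

class AccountStore:
    """Accounts keyed by the exact, full claimed identifier."""
    def __init__(self):
        self._by_claimed = {}

    def register(self, claimed_id, name):
        if claimed_id in self._by_claimed:
            raise ValueError("identifier already registered")
        self._by_claimed[claimed_id] = name

    def lookup(self, claimed_id):
        # Exact string match on the verified identifier; no truncation.
        return self._by_claimed.get(claimed_id)

def display_label(claimed_id):
    """Shortened form for page output only, HTML-escaped before rendering."""
    return html.escape(friendly(claimed_id))

# Constructed sample identifiers (not real accounts or providers).
OWNER = "https://openid.example/alice#gen1"
OTHER = "https://openid.example/alice#gen2"   # same URL, different fragment
PLAIN_HTTP = "http://openid.example/alice"    # same path over http
MARKUP = "https://openid.example/<b>x</b>"    # identifier carrying markup

def demo():
    store = AccountStore()
    store.register(OWNER, "alice")
    return {
        # All three shorten to the same string, so it cannot serve as a key.
        "collide": friendly(OWNER) == friendly(OTHER) == friendly(PLAIN_HTTP),
        "owner": store.lookup(OWNER),
        "other": store.lookup(OTHER),
        "http": store.lookup(PLAIN_HTTP),
        "label": display_label(MARKUP),
    }

if __name__ == "__main__":
    print(demo())
```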

