Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Drummond Reed <drummond.reed <at> cordance.net>
Subject: Re: [OpenID] Case for a unified scheme for OpenID "oid:"
Newsgroups: gmane.comp.web.openid.general
Date: Saturday 28th November 2009 20:15:01 UTC (over 6 years ago)
John,

Some will *always* argue that XRI "is or has died". But as you know, XRI is
alive and well, and with XRD 1.0 finally out, the XRI TC is making steady
progress on having XRI 3.0 out by the end of the year (I personallly have
been the biggest bottleneck due to other obligations, but I"m committing to
getting it out in that timeframe). For those following John's thread, XRI
3.0 is the adjustment to XRI architecture that places XRI completely within
URI architecture to deal with W3C TAG's objection to XRI 2.0.

In any case, I feel very very strongly that whatever OpenID v.next does
about identifiers, it MUST address the issue of consistent handling and
mapping of persistent, non-recycleable identifiers and non-persistent,
reassignable human-friendly synonyms for those identifiers. Until it solves
that issue, OpenID will carry a huge security hole which will rule it out
for many of the uses for which it otherwise would appear to be a good
solution.

(For reference, Information Card/IMI architecture filled that security hole
with the PPID mechanism built into Information Cards. However Information
Cards rely on a different discovery mechanism. The best of both worlds
would
be to have the discoverability of OpenID with the automatic persistent
identifier protection of Information Cards.)

=Drummond

On Sat, Nov 28, 2009 at 8:17 AM, John Bradley  wrote:

> I think if we are going to consider identifiers as we should in V Next,
>  one of the core issues should be support of portable identifiers for
> claimed ID's.
>
> I am relatively ambivalent about the format of the user entered
identifier.
> Anything that gets the user to the correct OP works in principal.
>
> The way we are headed with the nascar users entering identifiers is
> becoming less likely all the time.
>
> The question is should we have a way for people to move there claimed ID
> from one provider to another.
> Yes XRI supports that between OPs that support XRI.
>
> Some will argue that XRI is or has died so that couldn't have been an
> important feature.
>
> Perhaps that is true.  People may like the increasingly sticky
relationship
> with there OP.
>
> Portability and the ability to self assert without an OP should be
> considered.
>
> I am slightly less optimistic than Shade about XRI eventually taking
over.
> However that doesn't mean that we cant save some of the important design
> goals.
>
> Regards
> John B.
>
> On 2009-11-28, at 12:49 PM, SitG Admin wrote:
>
> >> Please remember "oid:" is a urn and this is consistent with usages
like
> "tag:something:something".
> >
> > So, during discovery, the user is essentially telling a RP "the
> identifier you are about to receive, whether it be URL or E-mail address
or
> something else entirely, is an OpenID meant to log in with"?
> >
> > Past proposals (discussed in this list's archives, if you'd like to
look)
> have included new protocols and new TLD's; see this post in particular:
> >
> http://lists.openid.net/pipermail/openid-general/2006-December/000826.html
> > Note, too, that TLD's are a non-issue when everyone moves to XRI's ;)
> >
> > -Shade
> > _______________________________________________
> > general mailing list
> > [email protected]
> > http://lists.openid.net/mailman/listinfo/openid-general
>
>
> _______________________________________________
> general mailing list
> [email protected]
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
 
CD: 4ms