Re: [OpenID] Case for a unified scheme for OpenID "oid:"
2009-11-28 20:15:01 GMT
Some will *always* argue that XRI "is or has died". But as you know, XRI is alive and well, and with XRD 1.0 finally out, the XRI TC is making steady progress on having XRI 3.0 out by the end of the year (I personally have been the biggest bottleneck due to other obligations, but I'm committing to getting it out in that timeframe). For those following John's thread, XRI 3.0 is the adjustment to XRI architecture that places XRI completely within URI architecture to deal with W3C TAG's objection to XRI 2.0.
In any case, I feel very very strongly that whatever OpenID v.next does about identifiers, it MUST address the issue of consistent handling and mapping of persistent, non-recyclable identifiers and non-persistent, reassignable human-friendly synonyms for those identifiers. Until it solves that issue, OpenID will carry a huge security hole which will rule it out for many of the uses for which it otherwise would appear to be a good solution.
(For reference, Information Card/IMI architecture filled that security hole with the PPID mechanism built into Information Cards. However Information Cards rely on a different discovery mechanism. The best of both worlds would be to have the discoverability of OpenID with the automatic persistent identifier protection of Information Cards.)
I think if we are going to consider identifiers as we should in V Next, one of the core issues should be support of portable identifiers for claimed ID's.
I am relatively ambivalent about the format of the user entered identifier.
Anything that gets the user to the correct OP works in principle.
The way we are headed with the NASCAR users entering identifiers is becoming less likely all the time.
The question is should we have a way for people to move their claimed ID from one provider to another.
Yes XRI supports that between OPs that support XRI.
Some will argue that XRI is or has died so that couldn't have been an important feature.
Perhaps that is true. People may like the increasingly sticky relationship with their OP.
Portability and the ability to self assert without an OP should be considered.
I am slightly less optimistic than Shade about XRI eventually taking over.
However that doesn't mean that we can't save some of the important design goals.
On 2009-11-28, at 12:49 PM, SitG Admin wrote:
>> Please remember "oid:" is a urn and this is consistent with usages like "tag:something:something".
> So, during discovery, the user is essentially telling a RP "the identifier you are about to receive, whether it be URL or E-mail address or something else entirely, is an OpenID meant to log in with"?
> Past proposals (discussed in this list's archives, if you'd like to look) have included new protocols and new TLD's; see this post in particular:
> Note, too, that TLD's are a non-issue when everyone moves to XRI's ;)
_______________________________________________ general mailing list general <at> lists.openid.net http://lists.openid.net/mailman/listinfo/openid-general