[OpenID] Benefits of XRI i-names/i-numbers as OpenIDs (was: is openid 2.0 a lightweight identity system?)

Drummond Reed drummond.reed at cordance.net
Mon Feb 12 08:21:19 UTC 2007


>Simon wrote:
>
>I'm still not entirely clear on the benefits of i-names as part of
>OpenID 2.0. Is the only reason to use an i-name that you get an
>i-number, which guards against losing out should you fail to
>re-register it?

No, there are at least six other reasons by my count, though persistence is
probably the most important one. When I explain to someone new to OpenID
that if they use a URL as their OpenID, and they ever lose the registration
of that URL, someone can take over their OpenID identity COMPLETELY, they
have a pretty strong reaction. It's a bigger issue than most folks realize
and solving it is much harder than it looks. In December I did a blog post
that helps explain the full depth of this issue:

	http://www.equalsdrummond.name/?p=89

But here are six more reasons to use an i-name (and i-number) as your OpenID
(note that all five apply equally whether it's a global i-name/i-number --
which costs money -- or a community i-name/i-number -- which will typically
be free):

* Security: you don't have to enter https:// in front of an i-name. It's
built in, i.e., the entire resolution network supports https. So you avoid
the whole problem with the default for URLs being http instead of https.

* Privacy: if you want full control of your URL you need to register your
own global domain name, which requires either publishing Whois contact data
or paying your DNS registrar for a proxy registration service (which
typically costs more than the domain name). The global i-name infrastructure
operated by XDI.org has much stronger privacy built in (there is no Whois
service) and at no extra cost.

* Ease of use: a personal i-name is just a string prefixed by an = sign. It
works the same way everywhere in all contexts/protocols that accept XRIs.

* Internationalization: i-name syntax is fully internationalized (uses the
full Unicode character range) right from the start, without the need for
complicated punycode (http://en.wikipedia.org/wiki/Punycode).

* Clear differentiation of context: XRI i-name/i-numbers are not just for
people (=names/numbers); there are also namespaces for communities
(@names/numbers) and tags (+names/numbers). = for personal, @ for community,
and + for tags. This will become more important as you need/want to put your
identity into specific contexts, i.e., log in to a website with your identity
as a member of a specific community instead of your own personal identity.

* Smarter addressing: XRI i-name/i-number syntax was developed for more than
just digital identity. It is designed for next-generation messaging and data
sharing protocols that will let you do things like tag an address (the way
some email servers support tagging usernames in an email address). Examples:

	=drummond+contact
	=drummond+email
	=drummond+openid
	=drummond+openid+security
	=drummond+openid+ui
	@cordance+contact
	@cordance+openid

The XRI/i-names community is still working at documenting this list of
benefits to using i-name/i-numbers with OpenID on the dev.inames.net wiki;
we'll post a link when the page is ready -- we'd love feedback.

Lastly, we (XDI.org, Cordance, NeuStar, i-brokers) have heard the feedback
that global personal i-names need to be cheaper (currently they run about
$20/year retail). We're working on getting them down to price parity with
domain names (although the retail price is ultimately set by the i-brokers).
We also expect more options to appear for getting free community i-names
that offer all the benefits above except portability.

Hope this helps.

=Drummond 




