[OpenID] No benefits of XRI i-names/i-numbers as OpenIDs (was: isopenid 2.0 a lightweight identity system?)
les.chasen at neustar.biz
Tue Feb 13 21:19:01 UTC 2007
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> Behalf Of Stephane Bortzmeyer
> Sent: Tuesday, February 13, 2007 3:14 AM
> To: general at openid.net
> Subject: [OpenID] No benefits of XRI i-names/i-numbers as OpenIDs
> isopenid 2.0 a lightweight identity system?)
> On Mon, Feb 12, 2007 at 12:21:19AM -0800,
> Drummond Reed <drummond.reed at cordance.net> wrote
> a message of 80 lines which said:
> > though persistence is probably the most important one. When I
> > explain to someone new to OpenID that if they use a URL as their
> > OpenID, and they ever lose the registration of that URL, someone can
> > take over their OpenID identity COMPLETELY, they have a pretty
> > strong reaction. It's a bigger issue than most folks realize
> And it is mostly FUD. A *lot* of organizations spread FUD on URL and
> try to sell a "permanent" registration service. Probably because they
> are jealous of Verisign and would like to earn a market share like
> them. XRI is just one of the smallest and less credible contenders in
> that area.
> They forget that "permanent" is an administrative issue, not a
> technical one. It is easy to have permanent URI. Permanent URL are
> more difficult but it is the same thing for any other "permanent"
> scheme. If xdi.org collapses, what will become of your "permanent"
I am not sure why you are saying Drummond is spreading FUD. You are
absolutely right that it is an administrative issue. That is why we in
the XRI community went through a lot of effort to ensure we have the
framework that ensures permanence. It is one baked into the XRI
specification and two XDI.org was formed as a non profit to ensure
proper governance. Every member of XDI.org MUST enforce permanence.
So sure you can do something like add a date/time stamp to a URL or a
domain but it is only going to be as trustable as the community of folks
enforcing basic rules.
Nobody is saying you can't retrofit existing things to be an identity.
For me, retrofitting only works in very limited circumstances and is
usually pretty fragile. IMHO, if there is ever going to be a trustable
identity layer on the web that can be used for a lot more than logging
into wikis, blogs and other such web sites you will need solid
enforceable rules of the road. I think XDI.org brings that to the
> general mailing list
> general at openid.net
More information about the general