[OpenID] Benefits of XRI i-names/i-numbers as OpenIDs

Claus Färber gmane at faerber.muc.de
Wed Feb 14 14:19:13 UTC 2007

Drummond Reed schrieb:
> No, there are at least six other reasons by my count, though persistence is
> probably the most important one. When I explain to someone new to OpenID
> that if they use a URL as their OpenID, and they ever lose the registration
> of that URL, someone can take over their OpenID identity COMPLETELY, they
> have a pretty strong reaction.

i-names can be re-assigned, too. RPs have to do extra work to implement 
i-number resolution... and there's no reason one could not add 
persistent identifiers to OpenID URLs.

> * Security: you don't have to enter https:// in front of an i-name. It's
> built in, i.e., the entire resolution network supports https. So you avoid
> the whole problem with the default for URLs being http instead of https.

Even if users claim an identity without the "s", the transactions can 
still be done over HTTPS.

> * Privacy: if you want full control of your URL you need to register your
> own global domain name, which requires either publishing Whois contact data
> or paying your DNS registrar for a proxy registration service (which
> typically costs more than the domain name).

Wrong. You can use sub-domains such as cfaerber.myopenid.com or URLs 
with a non-null path such as <http://example.com/~username>.

> * Ease of use: a personal i-name is just a string prefixed by an = sign. It
> works the same way everywhere in all contexts/protocols that accept XRIs.

That's the same with YADIS.

> * Internationalization: i-name syntax is fully internationalized (uses the
> full Unicode character range) right from the start, without the need for
> complicated punycode (http://en.wikipedia.org/wiki/Punycode).

The main issue that holds back IDN deployment are countermeasures 
against homoglyph spoofing attacks. What's the XRI solution to this problem?

Actually, Punycode is also a human-compatibility feature. Even users who 
can't read Han characters can write down and type an address like 
"xn--fsq95u.com" but they will be completly lost at "例外.com".

> * Clear differentiation of context: XRI i-name/i-numbers are not just for
> people (=names/numbers); there are also namespaces for communities
> (@names/numbers) and tags (+names/numbers). = for personal, @ for community,
> and + for tags. This will become more important as you need/want to put your
> identity into specific contexts, i.e., login to a website with your identity
> as a member of a specific community instead of your own personal identity.

Sub-domains provide a similar concept but don't encode the object type 
into the identifier (which actually is a good thing).

> * Smarter addressing: XRI i-name/i-number syntax was developed for more than
> just digital identity. It is designed for next-generation messaging and data
> sharing protocols that will...

... probably gain as widespread usage as X.400.

> Lastly, we (XDI.org, Cordance, NeuStar, i-brokers) have heard the feedback
> that global personal i-names need to be cheaper (currently they run about
> $20/year retail). We're working on getting them down to price parity with
> domain names (although the retail price is ultimately set by the i-brokers).

The main problem is not the price. The main problem is that i-names are 
  much less useful than domain names.


More information about the general mailing list