[OpenID] Proposal for a new XDI.ORG service (i-service) for SSO

[Chris Drake]

Hi Drummond,

I'm looking for a way to let my customers use their identities safely
online.  In particular, this includes protecting them from
data-mining.

Can you suggest a way that =Christopher can log in to www.site-a.com
and then later into www.site-b.com such that site-a and site-b cannot
later "share data" about =Christopher without his permission?  This
control is, after all, the whole point of "user centric" ?

My proposal is for XDI.org to host an HTTPS redirection proxy
application, that can take HTTPS POST data directly from RP web forms,
resolve the entered i-name =Christopher (or ask for the i-name if none
was provided - eg - I clicked "login" without entering my i-name), and
redirect the browser to the customers preferred authentication
endpoint (the endpoint can then allow my customers to decide which
persistent identifier to provide back to site-x for this login).

Basically - anything that blocks i-names from getting posted directly
to RP web sites will do, and I think XDI is the best place to do this?
Infocards already have this functionality built-in, using the owners
operating system as the "selector".  I think XDI can build something
much better, that will continue to work whether or not our customer is
in front of his own PC.

Kind Regards,
Chris Drake,
=1id.com