[OpenID] Method for expressing mechanical relationships with OpenID's

Stephen Paul Weber singpolyma at gmail.com
Mon Mar 5 13:06:13 UTC 2007

Kind of jumping in here, but as an ID system, isn't this outside the
scope of OpenID (similar to how trust and profile data are outside the
scope).  Actual OpenID can't eve say "I'm Acme Corp." only "I'm

On 3/4/07, Rabbit <xageroth at gmail.com> wrote:
> I've been searching through the list / blogs looking for conversations
> about this so please point me in the right direction if there's
> already a discussion.
> I was trying to think of a simple way of expressing agreements and
> relationships with OpenID's and have been playing with a few
> possibilities. Let's say you wanted to declare ...
> "I'm Acme Corp."
> OpenID addresses this but not ...
> "... and I'm Photo Editor, a service of Acme Corp."
> The closest OpenID gets to this would be with the Trust Root, but
> that's making the assumption that Acme Corp hosts all its services on
> a single domain and doesn't really reflect the reality of the
> *identity* that is Acme Corp.
> How difficult would it be to assign an OpenID to both Acme Corp and
> the Photo Editor service, then invent a human-usable URI namespace
> that expresses this relationship? Could very easily be expressed in
> plain text.
> Arrangement: http://example.openid.net/ChildService/
> Proposed-by: http://acme.com/
> Signed-by: http://photoeditor.com/
> Signature: .....
> (If you're scared of signed certs I *suppose* you could do without the
> signature if the certificate is given a synonymous ID with which you
> could ask the other party "You know anything about Cert #38?" and see
> if it's the same.)
> Going to the URI namespace would have a standardized, formal
> explanation of what the assertion is phrased in a way that inquiring
> minds should easily understand it. Seeing something like this an
> OpenID provider could make more complicated suggestions such as
> "You've enabled a trust root for Acme Corp (http://acme.com/). Photo
> Editor (http://photoeditor.com/) is a "Child Service" [?] of Acme
> Corp. Would you like to extend trust to all of Acme Corp's child
> services?"
> I think something like this would be pretty open for exploration. It
> would be easy to invent relationships if there doesn't exist an
> arrangement that will express it because the namespace is applied to
> something expressed in human terms. "This is a service we developed."
> "This is a sister company." "This user entrusts me with their phone
> number so long as we do not distribute." etc etc.
> Trying to imagine some XML format eventually expressing some of these
> things makes me cringe, but then maybe I'm jumping the gun on this and
> there's no need to express any of these things.
> --
> Rabbit
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

- Stephen Paul Weber, Amateur Writer

MSN/GTalk/Jabber: singpolyma at gmail.com
ICQ/AIM: 103332966
BLOG: http://singpolyma.net/

More information about the general mailing list