[OpenID] 2-Headed OpenID Auth for Increased Security?

Peter Williams pwilliams at rapattoni.com
Mon Dec 1 13:23:52 UTC 2008 

Xrd or xrds?

Interesting! if you go xrd. Then you can do dnssec-like namespace controls, much like the trusted resolution mode of xri. Rather than be dnssec static, however, signatures on xrd could also serve as security tokens, citable on the peer (web) services ("managed" by the xri/uri). Butler lampson will be in heaven.

________________________________
From: Ben Laurie <benl at google.com>
Sent: Monday, December 01, 2008 5:13 AM
To: Peter Williams <pwilliams at rapattoni.com>
Cc: Eric Norman <ejnorman at doit.wisc.edu>; OpenID List <general at openid.net>
Subject: Re: [OpenID] 2-Headed OpenID Auth for Increased Security?



On Sun, Nov 30, 2008 at 5:56 PM, Peter Williams <pwilliams at rapattoni.com<mailto:pwilliams at rapattoni.com>> wrote:
Time to take the extension power of XRDS, and apply xmldsig "detached signature(s)"

Signing XRD is pretty much what we're proposing for the next generation...



This would be using similar mechanism as used in Authenticode, where designers applied 3rd-party countersigning and 4th-party timestamping to solve validity problems - at internet scale. Different parties (OP, discovery agents, validation) can then cooperate, in the inherently suspicious world of open systems.

The Shib/Apache-xmltooling toolset has all the mechanisms required to make power-use of the flexibility of the xmldsig standard (as do many other tools). Being very, very flexible in its references, it's easy to screw up application of xmldsig, producing unwanted sideeffects tho.

-----Original Message-----
From: general-bounces at openid.net<mailto:general-bounces at openid.net> [mailto:general-bounces at openid.net<mailto:general-bounces at openid.net>] On Behalf Of Eric Norman
Sent: Sunday, November 30, 2008 9:50 AM
To: OpenID List
Subject: Re: [OpenID] 2-Headed OpenID Auth for Increased Security?


On Nov 30, 2008, at 9:35 AM, Andrew Arnott wrote:

> I like the idea.... but the XRDS would have to mandatorily not be
> hosted by either OP (which right now is commonly done), since that OP
> would still ultimately have total assertion power by temporarily
> manipulating the XRDS file to point to two OP endpoints that were both
> controlled by the evil party.

Be careful.  "Hosted by" does not necessarily imply "content
controlled by".

Eric Norman

_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general
_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general

More information about the general mailing list