[OpenID] Laws of id, openid with ssl

Drummond Reed drummond.reed at cordance.net
Fri Jan 25 02:41:44 UTC 2008


> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Martin Atkins
> Sent: Thursday, January 24, 2008 4:27 PM
> Cc: 'OpenID List'
> Subject: Re: [OpenID] Laws of id, openid with ssl
> 
> Drummond Reed wrote:
> > Peter, just to reinforce Dick's first step below -- in directed identity,
> > the user does not give their own public identifier to the RP, only the
> > identifier of their OP. That way the RP knows how to discover the OP's XRDS
> > and connect to the service endpoint for the OP's directed identity service
> > (<Type>http://specs.openid.net/auth/2.0/identifier_select</Type>).
> >
> > The OP then returns the user's selected identifier (either public or private
> > -- user's choice).
> >
> 
> I think calling it a "private" identifier is a bit misleading. All
> OpenID identifiers are public.
> 
> Perhaps a term to use would be "obfuscated", "single-use" or "throwaway".

Disagree. A pairwise-unique identifier generated by an OP is not intended to
be public. If it was shared publicly, i.e., could be associated with the
public identifier of the user, it would lose its capability to privately
identify the user's relationship with the RP.

An OP-generated pairwise-unique identifier is the OpenID equivalent of the
PPID ("Private Personal Identifier") in Cardspace.

=Drummond 
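
The directed-identity exchange discussed in this message, as an added example that is not part of the original post or of any OP's code: the RP sends only an identifier_select request, and the OP answers with either the user's public identifier or a pairwise-unique one. Deriving the pairwise identifier with HMAC-SHA256 over (user, realm) is an assumption (OpenID 2.0 does not prescribe a scheme), the names, URLs and key are constructed, and response signing is omitted.

```python
import base64
import hashlib
import hmac

IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"
OP_BASE = "https://op.example/id/"                # constructed OP namespace
OP_SECRET = b"constructed-demo-key"               # constructed; never hard-code a real key
PUBLIC_IDS = {"alice": "https://alice.example/"}  # constructed account data


def pairwise_identifier(user: str, realm: str, secret: bytes = OP_SECRET) -> str:
    """Opaque identifier, stable per (user, RP realm) and unlinkable across realms."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (user.encode(), realm.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    tag = hmac.new(secret, msg, hashlib.sha256).digest()[:20]
    return OP_BASE + base64.urlsafe_b64encode(tag).rstrip(b"=").decode()


def rp_request(realm: str) -> dict:
    """RP side: the user entered only the OP's identifier, so the OP must choose."""
    return {"openid.mode": "checkid_setup", "openid.realm": realm,
            "openid.claimed_id": IDENTIFIER_SELECT,
            "openid.identity": IDENTIFIER_SELECT}


def op_respond(request: dict, user: str, want_private: bool) -> dict:
    """OP side: return the identifier the user selected for this RP."""
    if request.get("openid.claimed_id") != IDENTIFIER_SELECT:
        raise ValueError("not a directed-identity request")
    realm = request["openid.realm"]
    chosen = pairwise_identifier(user, realm) if want_private else PUBLIC_IDS[user]
    return {"openid.mode": "id_res", "openid.claimed_id": chosen,
            "openid.identity": chosen}


if __name__ == "__main__":
    # Two RPs see two unrelated identifiers for the same user.
    for realm in ("https://shop.example/", "https://forum.example/"):
        reply = op_respond(rp_request(realm), "alice", want_private=True)
        print(realm, "->", reply["openid.claimed_id"])
```

Because the identifier depends on the OP's secret key, two RPs comparing the values they received cannot link them to each other or to the public identifier without that key.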



