[OpenID] Live Icons for visual recognition of IDP logos

Rabbit rabbit at cyberpunkrock.com
Fri Apr 3 08:28:44 UTC 2009


This thread is asking the question:
"How do I control my identity when I lose control over my identifier?"

I'm possibly misusing the term here but if OpenID is "user-centric"  
then its recovery mechanism should be too. RP trusts OP to  
authenticate the user. RP could also trust the OP to provide  
information that can be used to authenticate the user independently  
from the OP. This would be useful for several reasons (one-to-one  
privacy, OP unavailable, domain expiration, bear attacks a data  
center, totalitarian government takes over).

Just to illustrate the concept further, here's an **example** of how  
this could work. (Walk away with the concepts here, not the details,  
please.)

When you sign up for the OP, you are asked to supply an emergency  
passphrase. A signature is generated by the function  
"hash( your_openid + emergency_pass )". This signature is given to  
each RP you sign into. When your OP is not available, the RP can still  
authenticate you by using the traditional "Identifier + Credential"  
method in widespread usage today by asking you for your emergency  
passphrase. The RP will never know your emergency passphrase until it  
needs to know. Obviously, this must not be the same credentials used  
to authenticate with your OP.

Again, the above is just an example. The concept can be expanded upon  
to provide a decentralized account recovery protocol.

=Rabbit
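
The scheme sketched in the message above, as an added example that is not part of the original post: the literal hash( your_openid + emergency_pass ) formula next to a variant that binds each record to one RP with a random salt and a slow KDF, so stored records cannot be correlated across RPs or cheaply brute-forced. The function names, the PBKDF2 choice, the iteration count and the sample URLs are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; tune for your hardware

def naive_verifier(openid: str, emergency_pass: str) -> str:
    """The post's literal formula: hash(your_openid + emergency_pass)."""
    return hashlib.sha256((openid + emergency_pass).encode()).hexdigest()

def _derive(openid: str, rp_realm: str, passphrase: str, salt: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    context = b"".join(
        len(f).to_bytes(2, "big") + f for f in (openid.encode(), rp_realm.encode())
    )
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt + context, ITERATIONS)

def issue_rp_verifier(openid: str, emergency_pass: str, rp_realm: str) -> dict:
    """OP side: build the record handed to one RP at sign-in."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _derive(openid, rp_realm, emergency_pass, salt)}

def rp_recover(record: dict, openid: str, rp_realm: str, candidate: str) -> bool:
    """RP side, OP unreachable: check the passphrase the user types in."""
    expected = _derive(openid, rp_realm, candidate, record["salt"])
    return hmac.compare_digest(expected, record["digest"])

if __name__ == "__main__":
    openid = "https://rabbit.example/"      # constructed sample identifier
    passphrase = "correct horse battery"    # constructed sample passphrase
    # Plain concatenation is ambiguous: two different inputs, same verifier.
    print(naive_verifier(openid, "pw") == naive_verifier(openid + "p", "w"))
    rec_a = issue_rp_verifier(openid, passphrase, "https://rp-a.example/")
    rec_b = issue_rp_verifier(openid, passphrase, "https://rp-b.example/")
    print(rec_a["digest"] != rec_b["digest"])  # RPs cannot correlate records
    print(rp_recover(rec_a, openid, "https://rp-a.example/", passphrase))
    print(rp_recover(rec_a, openid, "https://rp-b.example/", passphrase))
```

The per-RP binding protects the stored records only: an RP that has performed a recovery has seen the passphrase itself.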


