[OpenID] Live Icons for visual recognition of IDP logos
andrewarnott at gmail.com
Fri Apr 3 23:43:52 UTC 2009
I think this is a reasonable idea. I don't mind an OpenID extension that
could carry an account recovery piece of data around.
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
2009/4/3 Rabbit <rabbit at cyberpunkrock.com>
> This thread is asking the question:
> "How do I control my identity when I lose control over my identifier?"
> I'm possibly misusing the term here but if OpenID is "user-centric" then
> its recovery mechanism should be too. RP trusts OP to authenticate the user.
> RP could also trust the OP to provide information that can be used to
> authenticate the user independently from the OP. This would be useful for
> several reasons (one-to-one privacy, OP unavailable, domain expiration, bear
> attacks a data center, totalitarian government takes over).
> Just to illustrate the concept further, here's an **example** of how this
> could work. (Walk away with the concepts here, not the details, please.)
> When you sign up for the OP, you are asked to supply an emergency
> passphrase. A signature is generated by the function "hash( your_openid +
> emergency_pass )". This signature is given to each RP you sign into. When
> your OP is not available, the RP can still authenticate you by using the
> traditional "Identifier + Credential" method in widespread usage today by
> asking you for your emergency passphrase. The RP will never know your
> emergency passphrase until it needs to know. Obviously, this must not be the
> same credentials used to authenticate with your OP.
> Again, the above is just an example. The concept can be expanded upon to
> provide a decentralized account recovery protocol.
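The recovery flow sketched in the quoted message, as an added example that is not part of either post or of any OpenID specification. It goes beyond the literal `hash( your_openid + emergency_pass )` by using a slow KDF and a per-RP value, so that RPs do not all hold one fast, identical hash of the passphrase. The function names, the realm strings, the PBKDF2 work factor and the sample identifier are all assumptions.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed PBKDF2 work factor; not specified in the thread


def literal_verifier(openid: str, emergency_pass: str) -> bytes:
    # The thread's illustration as written: hash(your_openid + emergency_pass).
    # The same value would go to every RP.
    return hashlib.sha256((openid + emergency_pass).encode()).digest()


def master_verifier(openid: str, emergency_pass: str) -> bytes:
    # Assumed variant: slow KDF salted with the identifier. The OP stores this
    # value at signup instead of the passphrase.
    return hashlib.pbkdf2_hmac("sha256", emergency_pass.encode(),
                               openid.encode(), ITERATIONS)


def rp_verifier(master: bytes, rp_realm: str) -> bytes:
    # Assumed variant: bind the value handed to an RP to that RP's realm.
    return hmac.new(master, rp_realm.encode(), hashlib.sha256).digest()


class RelyingParty:
    def __init__(self, realm: str):
        self.realm = realm
        self.recovery = {}  # openid -> verifier received during normal sign-in

    def store(self, openid: str, verifier: bytes) -> None:
        self.recovery[openid] = verifier

    def recover(self, openid: str, emergency_pass: str) -> bool:
        # Used only when the OP is unreachable: the user now reveals the
        # passphrase to this RP, as in the thread's description.
        stored = self.recovery.get(openid)
        if stored is None:
            return False
        candidate = rp_verifier(master_verifier(openid, emergency_pass), self.realm)
        return hmac.compare_digest(stored, candidate)  # constant-time compare


def demo():
    openid = "https://alice.example/"  # constructed identifier
    master = master_verifier(openid, "correct horse battery")  # at OP signup
    rps = [RelyingParty("https://rp-one.example/"),
           RelyingParty("https://rp-two.example/")]
    for rp in rps:  # OP hands each RP its own value at sign-in
        rp.store(openid, rp_verifier(master, rp.realm))
    return rps, openid
```

Once the passphrase has been submitted to one RP it is known to that RP, so a deployment along these lines would need to rotate it after any recovery.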