[OpenID] Live Icons for visual recognition of IDP logos

Andrew Arnott andrewarnott at gmail.com
Fri Apr 3 23:43:52 UTC 2009


Rabbit,
I think this is a reasonable idea.  I don't mind an OpenID extension that
could carry an account recovery piece of data around.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire


2009/4/3 Rabbit <rabbit at cyberpunkrock.com>

> This thread is asking the question:
> "How do I control my identity when I lose control over my identifier?"
>
> I'm possibly misusing the term here but if OpenID is "user-centric" then
> its recovery mechanism should be too. RP trusts OP to authenticate the user.
> RP could also trust the OP to provide information that can be used to
> authenticate the user independently from the OP. This would be useful for a
> several reasons (one-to-one privacy, OP unavailable, domain expiration, bear
> attacks a data center, totalitarian government takes over).
>
> Just to illustrate the concept further, here's an **example** of how this
> could work. (Walk away with the concepts here, not the details, please.)
>
> When you sign up for the OP, you are asked to supply an emergency
> passphrase. A signature is generated by the function "hash( your_openid +
> emergency_pass )". This signature is given to each RP you sign into. When
> your OP is not available, the RP can still authenticate you by using the
> traditional "Identifier + Credential" method in widespread usage today by
> asking you for your emergency passphrase. The RP will never know your
> emergency passphrase until it needs to know. Obviously, this must not be the
> same credentials used to authenticate with your OP.
>
> Again, the above is just an example. The concept can be expanded upon to
> provide a decentralized account recovery protocol.
>
> =Rabbit
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/3e535d33/attachment-0002.htm>


More information about the general mailing list