Identifier portability: the fundamental issue

Dick Hardt dick at sxip.com
Sun Oct 15 03:19:15 UTC 2006


On 13-Oct-06, at 12:59 PM, Drummond Reed wrote:

> Yesterday we established consensus that with OpenID, identifier
> portability is sacred.
>
> Today I'd like to establish consensus on the following "postulate":
>
> "To achieve identifier portability in OpenID, it MUST be possible for
> the RP and the IdP to identify the user using two different
> identifiers: an identifier by which the RP knows the user (the
> portable identifier), and an identifier by which the IdP knows the
> user (the IdP-specific identifier)."

Not true.

The RP knows the IdP is authoritative since there is a reference to  
the IdP in the document the portable identifier resolves to.

How the IdP knows the user owns the portable identifier, and how the  
user tells the IdP that she wants to use that portable identifier, do  
not involve the RP, and therefore are out of scope of the protocol,  
as this is a protocol between the RP and the IdP, not the user and  
the IdP.

-- Dick
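
The RP-side check described in the message above (the document the portable identifier resolves to names the IdP), as an added example that is not part of the original message. It assumes the document is HTML and the IdP reference is a `<link rel="openid.server">` element in `<head>`, as in OpenID 1.x HTML discovery; the host names, sample document and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ServerLinks(HTMLParser):
    """Collect href values of <link rel="openid.server"> found inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.servers = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            rels = (a.get("rel") or "").lower().split()
            if "openid.server" in rels and a.get("href"):
                self.servers.append(a["href"])

    def handle_endtag(self, tag):
        # Links after </head> are ignored: body markup may be user-supplied.
        if tag == "head":
            self.in_head = False


def _norm(url):
    """Reduce an endpoint URL to a comparable tuple (default ports made explicit)."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    port = p.port or {"http": 80, "https": 443}.get(scheme)
    return (scheme, (p.hostname or "").lower(), port, p.path or "/", p.query)


def idp_is_authoritative(document_html, asserting_idp_url):
    """True only if the resolved document references the IdP that made the assertion."""
    parser = _ServerLinks()
    parser.feed(document_html)
    want = _norm(asserting_idp_url)
    return any(_norm(s) == want for s in parser.servers)


# Constructed sample: the document the portable identifier resolves to.
SAMPLE_DOC = """<html><head><title>Alice</title>
<link rel="openid.server" href="https://idp.example/auth">
</head><body>
<p>visitor comment: <link rel="openid.server" href="https://other-idp.example/auth"></p>
</body></html>"""
```

The RP runs this against the document it fetched itself, never against a copy supplied by the asserting party.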


