XRI confusion
Dick Hardt
dick at sxip.com
Thu Oct 19 05:56:18 UTC 2006
Hey Drummond
In reviewing:
http://www.lifewiki.net/openid/ConsolidatedDelegationProposal
...
Summary of Motivations
4. Enable RPs to take advantage of XRI CanonicalDs to protect End-
Users from ever having their Portable Identifier reassigned (and thus
their identity taken over).
....
How would a user ever learn what their CanonicalID is?
If there Portable Identifier (i-name) is reassigned, then they will
be sent to an IdP for the new Canonical ID is, expecting credentials
from the new owner. The user will never make it back to the RP, and
they will have no easy way of proving they are the owner of the
CanonicalID.
Additionally, in the proposal, the i-name is not sent from the RP to
the IdP, so how does the IdP know which i-name to address the user
as? Also, once the user is back at the RP, the RP needed to maintain
state if they want to present to the user which i-name the user
logged in as.
This would seem to be really important for both the IdP and the RP to
communicate to the user which user visible identifier is being used.
-- Dick
More information about the specs
mailing list