Yet Another Delegation Thread

Pete Rowley prowley at redhat.com
Wed Oct 25 19:18:49 UTC 2006


Josh Hoyt wrote:
> On 10/25/06, Pete Rowley <prowley at redhat.com> wrote:
>> Josh Hoyt wrote:
>> > If the user uses different IdP-specific identifiers for each portable
>> > identifier, I don't see how they can be correlated.
>>
>> Unless I misunderstand the OpenID discovery mechanism - at the
>> point of discovery, which can be done out of band in a spider-like web
>> harvesting fashion.  Any one discovery point contains your identity map.
>
> I think you misunderstand it. Each identifier specifies the IdP and
> possibly IdP-specific identifier to use for itself. There is no global
> "identity map."

Actually I think this is a consequence of using URLs as identifiers and
wanting to use my site to host the portable identifiers - you're 
probably thinking separate domains per portable identifier or using some 
well known IdP. Each identifier can be correlated by inference in this 
case since they are on the same site. Non-correlatable identifiers would 
need to either be on separate sites or be hosted as a service,
thereby taking advantage of the "lost in the crowd" effect.

-- 
Pete
