Yet Another Delegation Thread
Pete Rowley
prowley at redhat.com
Wed Oct 25 19:18:49 UTC 2006
Josh Hoyt wrote:
> On 10/25/06, Pete Rowley <prowley at redhat.com> wrote:
>> Josh Hoyt wrote:
>> > If the user uses different IdP-specific identifiers for each portable
>> > identifier, I don't see how they can be correlated.
>>
>> Unless I misunderstand the OpenID discovery mechanism - at the
>> point of discovery, which can be done out of band in a spider-like web
>> harvesting fashion. Any one discovery point contains your identity map.
>
> I think you misunderstand it. Each identifier specifies the IdP and
> possibly IdP-specific identifier to use for itself. There is no global
> "identity map."
Actually I think this is a consequence of using URLs as identifiers and
wanting to use my site to host the portable identifiers - you're
probably thinking separate domains per portable identifier or using some
well known IdP. Each identifier can be correlated by inference in this
case since they are on the same site. Non-correlatable identifiers would
need to either be on separate sites or be hosted as a service and
thereby taking advantage of the "lost in the crowd" effect.
--
Pete
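
The correlation argument in this message, as an added example that is not part of the original post or of any OpenID library: it groups portable identifiers that an observer could tie together, either because they delegate to the same IdP-specific identifier or because they share a hosting site too small to be "lost in the crowd". The record layout, the `crowd_threshold` heuristic and every URL below are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (portable identifier, IdP-specific identifier it delegates to).
SAMPLE = [
    ("http://site.example/work", "http://idp-a.example/id/7f3a"),
    ("http://site.example/blog", "http://idp-b.example/id/c201"),
    ("http://alpha.example/", "http://idp-a.example/id/99d0"),
    ("http://beta.example/", "http://idp-a.example/id/99d0"),
    ("http://gamma.example/", "http://idp-c.example/id/0001"),
    ("http://hosted.example/u/1001", "http://idp-a.example/id/aa01"),
    ("http://hosted.example/u/1002", "http://idp-b.example/id/bb02"),
    ("http://hosted.example/u/1003", "http://idp-c.example/id/cc03"),
]


def linked_groups(records, crowd_threshold=3):
    """Return the sets of portable identifiers that can be correlated."""
    parent = {pid: pid for pid, _ in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    by_host, by_delegate = {}, {}
    for pid, delegate in records:
        host = urlsplit(pid).hostname or ""
        by_host.setdefault(host, []).append(pid)
        by_delegate.setdefault(delegate, []).append(pid)

    # Same IdP-specific identifier behind two portable identifiers: direct link.
    for pids in by_delegate.values():
        for other in pids[1:]:
            parent[find(other)] = find(pids[0])
    # Same hosting site with fewer identifiers than the assumed crowd size:
    # linked by inference, as the message argues.
    for pids in by_host.values():
        if len(pids) < crowd_threshold:
            for other in pids[1:]:
                parent[find(other)] = find(pids[0])

    groups = {}
    for pid in parent:
        groups.setdefault(find(pid), set()).add(pid)
    return sorted((g for g in groups.values() if len(g) > 1), key=sorted)


if __name__ == "__main__":
    for group in linked_groups(SAMPLE):
        print(sorted(group))
```

Raising `crowd_threshold` models a stricter observer: at 4, the three identifiers on the constructed hosted service are also treated as linkable.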