Do We Agree on the Problem We're Trying to Solve?

Josh Hoyt josh at janrain.com
Mon Jun 11 17:45:47 UTC 2007


On 6/8/07, David Fuelling <sappenin at gmail.com> wrote:
> If in 50 years, a given canonical URL domain goes away, then couldn't a
> given OpenId URL owner simply specify a new Canonical URL in his XRDS doc?

If I understand the way that David Recordon and Drummond are proposing
that canonical identifiers work, this is not the case. The canonical
identifier is the sole database key, and the URL that the user enters
and everyone sees is reassignable and (to a certain extent) ephemeral.
Control of the canonical identifier is necessary and sufficient to
assert one's identity.

If I understand Dick, he's proposing using multiple identifiers as a
kind of multi-factor authentication, where the user has to present
more than one credential in the form of identifiers to take an action.
This is very similar to your interpretation of two URLs being
necessary. It's an interesting idea, and it has a lot of nice
properties, but it seems like a pretty big leap at this point. I think
the biggest drawback is that the nice properties only really appear
when each identifier is issued by a separate authority.

Josh


