Do We Agree on the Problem We're Trying to Solve?

David Fuelling sappenin at gmail.com
Mon Jun 11 18:05:14 UTC 2007


On 6/11/07, Josh Hoyt <josh at janrain.com> wrote:
>
> On 6/8/07, David Fuelling <sappenin at gmail.com> wrote:
> > If in 50 years, a given canonical URL domain goes away, then couldn't a
> > given OpenId URL owner simply specify a new Canonical URL in his XRDS
> doc?
>
> If I understand the way that David Recordon and Drummond are proposing
> that canonical identifiers work, this is not the case. The canonical
> identifier is the sole database key, and the URL that the user enters
> and everyone sees is reassignable and (to a certain extent) ephemeral.
> Control of the canonical identifier is necessary and sufficient to
> assert one's identity.


Yes, I think that's what is intended.  However, there doesn't appear to be
any mechanism (aside from the proposal "saying so") to enforce that the
canonical identifier is the root key.  Seems like somebody could arbitrarily
switch their canonical id to a different canonical id, so long as the person
doing the switching controls a regular OpenID and its XRDS file that
specifies the canonical id.  Am I missing something there?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070611/2ffe6403/attachment-0001.htm>


More information about the specs mailing list