Decentralized vs. user-centric (was 'Re: 2nd Draft')
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Apr 27 03:37:05 UTC 2010
>Another solution that may present itself in the future (as
>technology allows it) is the notion of a user becoming his/her own
>OP.

And the geeks shall lead the way . . . seriously, it would help for
the specs to actively support this.

>For example, I would love to run my OP on my smart-phone.

The problem with smart-phones is their routing: try to get a steady
IP address with them. XRI fails as a solution here, because it's like
tor2web; by proxying the key-based address, it replaces the
verification Tor applies when generating a .onion hash. Recognition
of key-based locations should be anticipatory, not reactive; users
already have a sense of security when they see a padlock icon (SSL!),
but the most they should assume from it is that they have a secure
connection to the MITM.

>It's only on when I turn it on, and it tells me if somebody is
>trying to login as me.

Assuming it's on and an attacker isn't spoofing the RP ;)
Also, see:
http://lists.openid.net/pipermail/openid-general/2009-May/018294.html
Apparently(?), the checkid_immediate spec calls for your OP/URI
maintaining impeccable uptime *and* responding to discovery at all
times.

-Shade
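
Added example, not part of the original message: a sketch of why a key-based address only protects a client that checks the key itself, and why resolving the same name through a proxy (the tor2web comparison above) leaves the client trusting the proxy. The function names and byte strings are hypothetical and constructed for illustration; the address format follows the 2010-era .onion label (base32 of the first 80 bits of SHA-1 over the public key).

```python
import base64
import hashlib

def key_address(pubkey: bytes) -> str:
    """Key-based name: base32 of the first 80 bits of SHA-1(public key)."""
    digest = hashlib.sha1(pubkey).digest()[:10]
    return base64.b32encode(digest).decode().lower()

def accept_direct(address: str, presented_key: bytes) -> bool:
    """The client verifies the name itself: the presented key must hash to it."""
    return key_address(presented_key) == address

def accept_via_proxy(address: str, proxy_lookup) -> bool:
    """The client hands the name to a proxy and sees only the proxy's answer.
    No key reaches the client, so there is nothing to hash and compare."""
    return proxy_lookup(address) is not None

# Constructed stand-ins for encoded public keys (not real keys).
USER_KEY = b"constructed-public-key-of-the-users-own-OP"
OTHER_KEY = b"constructed-public-key-of-some-other-host"
ADDRESS = key_address(USER_KEY)

def honest_proxy(address: str):
    """Hypothetical proxy that relays content from the real key holder."""
    return b"content from the key holder" if address == ADDRESS else None

def substituting_proxy(address: str):
    """Hypothetical proxy that answers with content from a different host."""
    return b"content from a different host"

def demo() -> dict:
    return {
        "direct, right key": accept_direct(ADDRESS, USER_KEY),
        "direct, wrong key": accept_direct(ADDRESS, OTHER_KEY),
        "proxied, honest": accept_via_proxy(ADDRESS, honest_proxy),
        "proxied, substituted": accept_via_proxy(ADDRESS, substituting_proxy),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: accepted={accepted}")
```

The direct check rejects the wrong key, while both proxied cases are accepted, because the client cannot distinguish them from what it receives.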