The problem with OpenID (TAKE 3) How to become Linus Torvalds

Phillip Hallam-Baker hallam at gmail.com
Tue May 18 16:28:43 UTC 2010


To me the reason the problem goes beyond simply authentication +
attributes is that we are providing a resolution mechanism for Web
'principals' identified through consistent, machine readable, human
friendly identifiers.

So 'Phillip Hallam-Baker' is not a useful identifier in this case as
even though this example is unique, the class of identifiers it is a
member of are not unique and thus not useful as machine readable
identifiers. Contrariwise, any identifier of the form '=292rj239e!' might
be machine readable in the right circumstances but certainly isn't
human friendly.


A principal here is most often going to be a Web User but could in
certain circumstances be a computer process or agent running on a
machine or could be some abstract corporate entity.

A principal may be an individual or may be an individual acting in a
specific role. So fred at gmail.com and fred at google.com might be the
exact same person but respond differently due to the fact that in one
role he may be acting in a corporate capacity.

A principal might even be a physical location such as a building.
malden#friendlies.com might be the Friendlies restaurant at Malden.


A resolution of a principal may mean:

* Authenticating an interaction with the principal
   * An email message
   * A log in attempt
   * A permission that has been granted by Principal A to Principal B
* Initiating an interaction with the principal
   * An email message
   * An instant message
* Making a reference to the principal
   * Asserting that the principal initiated a communication
   * Asserting that the principal has a property
   * Asserting that principal A is the source of assertion B concerning principal C



On Tue, May 18, 2010 at 11:48 AM, SitG Admin
<sysadmin at shadowsinthegarden.com> wrote:
>> My view is that we should stop talking about 'identity' altogether.
>> We should instead define the range of problems we want to solve as use
>> cases and go solve them. Identity is too much of an abstraction, it
>> can stand for anything.
>
> +1 to targeting problems rather than ideals (at that layer).
>
> The abstraction (of identity) is this community's strength and weakness; it
> names the Purpose that brings everyone together, and it calls in people from
> all over who may be able to contribute something. This concentration of
> diverse ideas, though, doesn't create a single harmonious overlap of equally
> distributed strength; there are outliers, ideas that aren't shared much by
> others here. The two are opposite sides of the same coin.
>
> To restate this in a slightly different way, it's a popularity contest: none
> of us can decide what idea will see the most adoption, since none of us can
> make those decisions for everyone else. Nearly any idea is probably going to
> be seen as a bad one by *some* person in the group (Santosh helps make
> statistics come *true*!), and we should each be prepared to occasionally
> bite the bullet and accept that it's *our* turn to be left out in the cold.
> (Then leave our unpopular ideas behind and come in for a warm meal and
> whatever work has got so many members of the community in the commons
> house.)
>
> -Shade
>



-- 
Website: http://hallambaker.com/

