[OpenID] Localhost OpenID
Jeremy Smith
jeremyrsmith at gmail.com
Thu Dec 14 01:55:41 UTC 2006
On 12/13/06, Martin Atkins <mart at degeneration.co.uk> wrote:
>
> Rabbit wrote:
> > On 12/13/06, Daniel E. Renfer <Duck at kronkltd.net> wrote:
> >> First off, the problem with using localhost as your identity is the RP
> >> and OP have to be able to resolve 'localhost' to be the same IP
> >> address.
>
> While I guess you could in theory dream up another system where this
> isn't the case, the OpenID protocol as currently specified requires the
> RP to retrieve the identifier URL, and thus the identifier URL must be
> accessible to the RP.
>
>
I think it would really be *bad* for OpenID if it were possible to use
localhost as your identity. It's the equivalent of saying "I am me". It
provides no useful information and does not provide any identity.
Imagine trying to get into a club and the bouncer is checking IDs. If
everyone just says to him "I am me" and he lets them in, what's the point of
checking IDs in the first place? The benefit of OpenID comes from the site
that's authenticating you being able to be sure that you own a certain URL.
*Everyone* owns their localhost, so it's a no-brainer. Like Daniel said -
if you want to use your own machine to serve your identity, attach a dynamic
domain name to it.
If you enable "localhost" to be a valid OpenID, it will either a)
immediately become useless as it becomes universally banned because of
spammers using "localhost" to authenticate themselves, or b) open the door
for spammers to render OpenID completely useless.
Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061213/dbbdace6/attachment-0002.htm>
More information about the general
mailing list