[OpenID] Localhost OpenID
Recordon, David
drecordon at verisign.com
Thu Dec 14 22:53:20 UTC 2006
Don't XRIs achieve this by adding a layer of abstraction?
--David
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Rabbit
Sent: Wednesday, December 13, 2006 7:25 AM
To: general at openid.net
Subject: [OpenID] Localhost OpenID
Nearly a year ago I brought up a concern and was seemingly alone on this
point so I stepped aside hoping as things developed I would have my mind
changed. I now think it really is just a difference in philosophy so I
wanted to bring this up again to see what others think.
The best way I know to illustrate the concern is to argue for localhost
OpenID. Right now using localhost for your OpenID is impossible because
it's a local network address and is also different for every single
machine. Even though the transactions between a web service and identity
provider leverage the *user's* line of communication, the URL is very
important to OpenID. So would it be possible to use localhost? Yes, if
OpenID were concerned about identity as a resource instead of identity
as a URL.
There is a big difference between a resource and a URL but OpenID is
resource ignorant. Any URL that resolves to 64.233.187.99 is still
Google. If any of the URLs change or even the IP address, the identity
that *is* Google is not completely bound by these terms. The important
thing is the resource not how we find it. In terms of OpenID the URL can
be changed with a juggling act but the emphasis is never taken off the
URL; there is no "identity resource" we're hoping to find or that exists
independent from its locator.
Don't get me wrong, I'm a very big supporter of using URLs as the
identifier, but only as something human usable. If a URL resolved to a
public key, for example, web services could cease to care about URLs
altogether. If a user changed identity providers, the web services would
never have to work to reclaim their users' accounts; to the web service,
the identity being handled has not changed because the resource is the
same. Along with all that, a user could use their vanity domain as their
public face and localhost as their identity provider. "localhost/jane"
would be different from all other "localhost/jane"s because the
resources would be verifiably different.
You could easily carry your identity provider with you in your pocket on
a USB drive.
What could be more decentralized than that?
Maybe I just don't get it.
--
Rabbit
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
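
Added example, not part of the original message or of any OpenID specification: a sketch of a web service that binds accounts to the public key an identifier resolves to, as the quoted proposal suggests, so that two "localhost/jane" identities stay distinct. The `RelyingParty` type, `Login`, `demo`, the Ed25519 scheme and the challenge/response step are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// RelyingParty (hypothetical) keys accounts on the fingerprint of the public
// key an identifier URL resolved to, never on the URL itself.
type RelyingParty struct{ accounts map[string]string }

// Login receives the resolved public key, the challenge this site issued and
// the provider's signature over it. A published key proves nothing by itself,
// so possession of the private key is checked before any account lookup.
func (rp *RelyingParty) Login(pub ed25519.PublicKey, challenge, sig []byte) (string, bool) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, challenge, sig) {
		return "", false
	}
	sum := sha256.Sum256(pub)
	fp := hex.EncodeToString(sum[:])
	if _, ok := rp.accounts[fp]; !ok {
		rp.accounts[fp] = fmt.Sprintf("account-%d", len(rp.accounts)+1)
	}
	return rp.accounts[fp], true
}

// demo runs constructed sample logins; a real site would issue a fresh
// random challenge for every login instead of a fixed string.
func demo() (a, b, a2 string, forged bool) {
	rp := &RelyingParty{accounts: map[string]string{}}
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // first "localhost/jane"
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader) // second "localhost/jane"
	nonce := []byte("constructed-challenge")
	a, _ = rp.Login(pubA, nonce, ed25519.Sign(privA, nonce))
	b, _ = rp.Login(pubB, nonce, ed25519.Sign(privB, nonce))
	// Same key reached later through a different URL or provider: same account.
	a2, _ = rp.Login(pubA, nonce, ed25519.Sign(privA, nonce))
	// Someone republishes the first key at their own URL but cannot sign for it.
	_, forged = rp.Login(pubA, nonce, ed25519.Sign(privB, nonce))
	return
}

func main() {
	fmt.Println(demo()) // account-1 account-2 account-1 false
}
```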