[OpenID] Localhost OpenID
Dan Lyke
danlyke at flutterby.com
Thu Dec 14 23:00:53 UTC 2006
On Wed, 13 Dec 2006 19:49:47 -0800, Rabbit wrote:
> When I was talking about localhost, btw, I didn't mean as the
> identifier itself, just for authentication. So a yadis doc would
> still be served up from the public web.

I'm still not understanding you, but I think you're asking one of two
questions:

1. Can my Identity Provider use some key exchange mechanism with my
computer to authenticate me?

2. Can the Relying Party keep a record of my public key and
authenticate me via a public/private key exchange, ignoring my
Identity Provider altogether (or using my identity provider only for
the purpose of telling the Relying Party to ask you for your public
key and initiate some sort of exchange that way)?

The answer to #1 is: absolutely. Although there's been some debate
about this recently, how you authenticate with your Identity Provider
is largely between you and your Identity Provider.

The answer to #2 is: Not with HTTP. Such an exchange should be
possible, there are all sorts of ways to code it up, I'd suggest that
you go read the LID spec for something that was starting down this
path, but there are a lot of barriers to deploying something like this
to the Internet at large in the general case, and building something
into OpenID for the edge cases of those people who could figure out
how to configure their computers and net connection to do this isn't
reasonable right now. At least IMHO.

But solving #1, and creating an Identity Provider which uses your
solution, would be a good step towards being able to understand the
issues and come back here with a proposal for #2.

Dan