[OpenID] Don't you think digital identity URIs should have a specific TLD?

Drummond Reed drummond.reed at cordance.net
Wed Dec 27 21:11:03 UTC 2006


>> Sebastien wrote:
>> It's about why OpenID should be allocated a specific TLD, to avoid
>> the high dependency on the digital identity provider domain name.
>> 
>> http://www.egomedium.net/index.php/2006/12/22/46-why-openid-need-a-specific-tld
>
>Scott wrote:
>
>Wouldn't .name be a great candidate for this?  It already exists and has 
> yet to find a real killer application to push it.

I can't let this thread go by without explaining that this was one of the
core rationales for the creation of the XRI Technical Committee at OASIS in
2003 and subsequently the establishment of XRI personal i-name (=name)
registry services by XDI.org (in full disclosure, my employer Cordance is a
contractor along with NeuStar for the Global Registry Services offered by
XDI.org).

One of the key reasons XRI architecture was developed was to satisfy
requirements that exist at the digital identity level that don't necessarily
exist at the domain name level. For example, all domain names are
reassignable -- once your registration expires, anyone else can register it.
In the context of OpenID, that's an invitation to disaster -- "taking over"
someone's Internet identity is as simple as taking over their expired domain.

XRI infrastructure solves this problem by explicitly supporting reassignable
identifiers (i-names) and persistent identifiers (i-numbers) and permitting
the resolution of any reassignable i-name to be mapped immediately to a
synonymous never-reassigned i-number which can be safely stored by an OpenID
Relying Party without exposing the identity owner to the risk of having
their i-name "taken over". This is now a key feature of OpenID
Authentication 2.0 specification as I explain in a blog post I did on Phil
Windley's ZDNet article on i-names just before Christmas:

	http://www.equalsdrummond.name/?p=88

For a DNS TLD (.name, or any other) to provide this same functionality would
either require that they stop reassigning names (thereby making them
permanent registrations), or that they essentially duplicate XRI
i-name/i-number synonym architecture. Since the latter would require
retooling DNS, which seems very unlikely, that's why the XRI "overlay" was
created (XRIs map to URIs very much like domain names map to IP addresses).

=Drummond (i-name: =drummond.reed, http://xri.net/=drummond.reed) 
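
The reassignment risk described in this message, as an added example that is not part of the original post and is not XRI or OpenID code: a toy registry and Relying Party showing what happens to a stored account when a lapsed name is re-registered, depending on which identifier the Relying Party keys on. All class and function names, the name `=alice.example` and the persistent-id format are constructed for illustration.

```python
class Registry:
    """Toy registry: reassignable names point at never-reused persistent ids."""

    def __init__(self):
        self._current = {}   # reassignable name -> persistent id of current holder
        self._minted = 0

    def register(self, name):
        # Every registration mints a fresh persistent id, even for a lapsed name.
        self._minted += 1
        self._current[name] = f"=!0000.0000.0000.{self._minted:04x}"  # constructed
        return self._current[name]

    def expire(self, name):
        del self._current[name]

    def resolve(self, name):
        return self._current[name]


class RelyingParty:
    """Keys local accounts on either the name or the persistent id."""

    def __init__(self, registry, key_on_persistent_id):
        self.registry = registry
        self.key_on_persistent_id = key_on_persistent_id
        self.accounts = {}

    def login(self, name):
        # Assumption: the current holder of `name` has already authenticated.
        key = self.registry.resolve(name) if self.key_on_persistent_id else name
        return self.accounts.setdefault(key, {"key": key, "data": []})


def new_holder_reaches_old_account(key_on_persistent_id):
    registry = Registry()
    rp = RelyingParty(registry, key_on_persistent_id)
    registry.register("=alice.example")          # first holder
    first = rp.login("=alice.example")
    first["data"].append("first holder's private data")
    registry.expire("=alice.example")
    registry.register("=alice.example")          # a different party re-registers
    second = rp.login("=alice.example")
    return second is first


if __name__ == "__main__":
    print("keyed on name:         ", new_holder_reaches_old_account(False))
    print("keyed on persistent id:", new_holder_reaches_old_account(True))
```
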



