Identity Uniqueness Problem - Can openid solve it?
Gabe Wachob
gabe.wachob at amsoft.net
Wed Sep 20 19:10:01 UTC 2006
> OpenID seems to be focused on the use-cases for uniquely identifying an
> individual.
While the discussion may be focused on SSO for individuals, there's nothing
in OpenID that states that an openid identifier identifies an individual.
All that OpenID assumes is that someone who is asserting that they have some
sort of relationship (e.g. they can "authenticate" to the OpenID IDP
associated with the OpendID ID) with that OpenID. That relationship can be
"membership in a group", it can be "anybody", it can be "the individual who
signed up to 'own' this OpenID, it can be "anybody who wants to pay $5 to
use this openid for today only", etc).
In short, the concept of *what* the openid identifies is orthogonal to the
OpenID specifications as they exist today. While the use-cases of SSO
usually imply unique identification, wait until the NY Times starts taking
OpenID and someone decides to set up a "no-auth" openid server that lets you
assert any openid you want... a truly anonymous, non-authenticatd openid...
-Gabe
More information about the general
mailing list