Identity Uniqueness Problem - Can openid solve it?
Jusung Baek
jsbaek at daumcorp.com
Thu Sep 21 03:04:39 UTC 2006
John : And in my opinion, I don't think a /user/ should ever need to know his
or her unique identifier assigned by some identity provider and used at
same service provider.
I agree with John’s opinion. We never remember our credit card number which
identifies us in the credit card company.
I also don’t remember my bank account. I can’t.
Users need not know his/her unique identifier. It is OK only if service
providers and identity providers can identify who he is, whatever the
identifier format or meaning is.
I think that ‘openid’ is very useful for commenting on blogs and news. Openid
is the identifier that people really should remember and use like their
names.
Then, how about letting openid be like a nickname (or display name) and having
another unique identifier (like a SAML 2 pseudonym identifier) be shared between
the IDP and SPs through the openid authentication protocol? ^^
The user enters his openid at the SP, e.g. flyToTheSky.myopenid.com.
The SP sends an authentication request to the IDP (myopenid.com) with the entered openid.
The IDP authenticates the user with the user’s id/pwd for the IDP or another authentication method, e.g. jini/jinni.
The IDP generates a pseudonym identifier for the SP and sends it back to the SP.
The SP records the user’s openid as “flyToTheSky.myopenid.com” and the pseudonym id of the IDP, which can be used to track the user if needed.
Jusung Baek.
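
The flow proposed in the message above, sketched as an added example (it is not part of the original post and is not OpenID or SAML library code). The class names, the HMAC derivation of the pseudonym, the account id and the SP realm URLs are assumptions made for illustration; user authentication and protection of the IDP's response in transit are assumed to happen outside this sketch.

```python
import hashlib
import hmac
import secrets


class IdP:
    """Hypothetical identity provider: one stable pseudonym per (account, SP)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # IDP-private key, never shared with SPs
        self._accounts = {}                  # display openid -> internal account id

    def register(self, openid, account_id):
        self._accounts[openid] = account_id

    def rename(self, old_openid, new_openid):
        # The display name may change; the internal account id does not.
        self._accounts[new_openid] = self._accounts.pop(old_openid)

    def authenticate(self, openid, sp_realm):
        # Steps 3-4 of the proposal; the id/pwd check is assumed to have passed.
        account_id = self._accounts[openid]
        # Length-prefix both fields so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(len(p).to_bytes(4, "big") + p
                       for p in (account_id.encode(), sp_realm.encode()))
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class SP:
    """Hypothetical service provider keyed on the pseudonym, not the display name."""

    def __init__(self, realm, idp):
        self.realm, self.idp = realm, idp
        self.users = {}                      # pseudonym -> current display openid

    def login(self, openid):
        pseudonym = self.idp.authenticate(openid, self.realm)  # steps 2 and 4
        self.users[pseudonym] = openid                         # step 5
        return pseudonym


def demo():
    idp = IdP()
    idp.register("flyToTheSky.myopenid.com", "acct-0001")  # constructed account id
    blog = SP("https://blog.example/", idp)                 # constructed realms
    news = SP("https://news.example/", idp)
    p_blog = blog.login("flyToTheSky.myopenid.com")
    p_news = news.login("flyToTheSky.myopenid.com")
    idp.rename("flyToTheSky.myopenid.com", "jini.myopenid.com")
    p_blog_again = blog.login("jini.myopenid.com")
    return p_blog, p_blog_again, p_news, blog.users[p_blog]
```

The same SP sees the same pseudonym before and after the openid is renamed, while two SPs see different pseudonyms and cannot correlate the user by comparing them.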
-----Original Message-----
From: Drummond Reed [mailto:drummond.reed at cordance.net]
Sent: Thursday, September 21, 2006 2:57 AM
To: 'John Kemp'; '백주성'
Cc: general at openid.net
Subject: RE: Identity Uniqueness Problem - Can openid solve it?
Having worked on this problem for seven years now as part of the XRI
effort, let me share this thought: smart enough software, and intelligent
enough identifier standards (which XRI aspires to be), can give you
effectively what you seek.
In other words, to use John's example, to all the people and organizations
that matter to you, you COULD be just "John" -- from your perspective. And
all those people and organizations could be just the simple, human-friendly
name you want to assign them -- from your perspective. (Note that those
simple, human-friendly names you assign to them still need to be unique --
from your perspective -- or else you won't be able to distinguish between
them yourself.)
All of this can work *from your perspective* because the smart software and
identifier standards would automatically do the mapping between your own
set of preferred identifiers and the globally-unique identifiers needed to
identify all those other parties in the manner needed to communicate with
them over the net (and under the privacy policies they prefer).
It's another example of how making things really, really simple for the
end-user is really, really hard.
But someone's got to do it ;-)
=Drummond (i-name: =drummond.reed, http://xri.net/=drummond.reed)
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of John Kemp
Sent: Wednesday, September 20, 2006 5:52 AM
To: 백주성
Cc: general at openid.net
Subject: Re: Identity Uniqueness Problem - Can openid solve it?
백주성 wrote:
> Identity Uniqueness Problem
Note ^^^^^ /identity/ Uniqueness problem. There's a difference between
an identifier, a unique identifier, and an identity ( basically a
collection of identifiers)!
>
> I think that
>
> Identifier should be one which he/she really want.
>
> Identifier can be modified as his/her wish.
>
> Identifier should not be unique.
An identifier is something that identifies you. In other words, it puts
you in a set (potentially a set containing only one element if it is a
unique identifier for you) of those identified by that identifier.
An identity consists of some attributes about you. Those attributes are
often identifiers. My name "John" is an identifier. If you said "create
a set of all people called John", I'd be in that set. In other words, I
am identified by that identifier.
John is, of course, not a unique identifier.
Many companies assign /unique/ identifiers to an individual. Such an
identifier has the purpose of uniquely identifying a single individual
(or thing).
Imagine that you have a bank account - if someone needed to put money
into that bank account, they'd want to ensure it was the bank account of
the single entity that they wished to pay. It would be pretty bad if
they couldn't uniquely identify the bank account!
So, there are some services that need to uniquely identify an individual
(i.e. banking, government etc.). There are some services that provide
better service by uniquely (or partially) identifying an individual. If
a service knows it's you, uniquely, it can customize its service (what
are your preferences for news content - likely not the same as mine?)
And then there are also many services that need only /partially/
identify you (your post code is an identifier for you, in that you would
fit into the set of all people who live in that postal area, and could
be used to give you the weather report for your post code).
OpenID seems to be focused on the use-cases for uniquely identifying an
individual.
And in my opinion, I don't think a /user/ should ever need to know his
or her unique identifier assigned by some identity provider and used at
same service provider.
- John
>
>
>
> How do you think about that?