[OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Fri Aug 17 16:11:11 UTC 2007


On 12 Aug 2007, at 17:40, Peter Williams wrote:

> http://openid.net/wiki/index.php/OpenIDChanges#IdP-driven_Identifier_Selection
>

Interesting.

> Here we see the OpenID auth protocol (proposed) using a URI to
> identify the IDP - rather than the user. As a provider of a naming
> context, that IdP is entitled to help an interactive user select
> which of several URI names to use, when creating an assertion for
> use by the consuming website. Those names may be from the naming
> context of the IdP, or any other IdP with which the agent has "some
> relation" (e.g. multi-mastering, subordination, name context
> federation...)

Well, there are many sophisticated relations one could come up with, but
there is one simple one, which is that the IDP is or is not able to
authenticate an agent. So the Identity Provider (IDP) is indeed a
group identifier.


> Thus, we do need clearly to label an OP Agent (opting to use RDF)
> with a FOAF-style URI, as presumably its FOAF relationships to
> other IDPs controlling other naming contexts for end users will need
> to be modeled and represented.

# The openid: namespace is not declared in the original message; the
# prefix below is a placeholder so that the snippet parses as Turtle.
@prefix openid: <http://example.org/openid-placeholder#> .

<https://openid.sun.com/openid/service>
    a openid:IDAuthService;
    openid:serviceFor <http://sun.com/sunw#sunw> .

Here I relate the IDP https://openid.sun.com/openid/service to the
company Sun Microsystems.

Sun Microsystems will itself be described in a foaf file (http://sun.com/sun),
which may have links to other foaf files or IDPs. Many
other cases are imaginable.

> This is a wot for the OPs, as opposed to the wot for the end users.  
> These are conventionally modeled as two different sets of knowledge  
> - though need not be.

Yes, the Web Of Trust can work both for end users and for
organizations. In fact I was arguing for a web of trust, without the
encryption side, in "A FOAF file for Sun" [1].

The ontology to do this is very simple really. I write most of it out  
in that article. It just would need to be taken on and maintained by  
some reliable organisation.

Henry

[1] http://blogs.sun.com/bblfish/entry/a_foaf_file_for_sun
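An added example, not part of Henry's message or of any OpenID project code: a relying party deciding whether to accept an assertion from an IDP by walking the organisation-level web of trust described above. It assumes (the post does not say) that links between organisations' FOAF files are expressed with foaf:knows, that the relying party bounds how many hops it will follow, and that the example.org/example.net URIs are constructed sample data.

```python
from collections import deque

# Constructed sample graph of (subject, predicate, object) triples: the
# sun.com description from the post, plus two made-up IDPs and organisations.
SAMPLE_TRIPLES = [
    ("https://openid.sun.com/openid/service", "rdf:type", "openid:IDAuthService"),
    ("https://openid.sun.com/openid/service", "openid:serviceFor", "http://sun.com/sunw#sunw"),
    ("http://sun.com/sunw#sunw", "foaf:knows", "http://example.org/partner#org"),
    ("https://idp.example.org/openid", "rdf:type", "openid:IDAuthService"),
    ("https://idp.example.org/openid", "openid:serviceFor", "http://example.org/partner#org"),
    ("https://idp.example.net/openid", "rdf:type", "openid:IDAuthService"),
    ("https://idp.example.net/openid", "openid:serviceFor", "http://example.net/stranger#org"),
]

def organisations_served_by(triples, idp):
    """Organisations an IDP is declared openid:serviceFor, but only if the
    graph also types it as openid:IDAuthService (otherwise an empty set)."""
    if (idp, "rdf:type", "openid:IDAuthService") not in triples:
        return set()
    return {o for s, p, o in triples if s == idp and p == "openid:serviceFor"}

def trust_distance(triples, trusted_orgs, idp, max_hops):
    """Breadth-first search from the relying party's directly trusted
    organisations along foaf:knows links (assumed predicate). Returns the
    number of hops to an organisation the IDP serves, or None if no such
    organisation is reachable within max_hops (0 = direct trust only)."""
    targets = organisations_served_by(triples, idp)
    if not targets:
        return None  # not an IDAuthService for anyone: nothing to trust
    seen = set(trusted_orgs)
    queue = deque((org, 0) for org in trusted_orgs)
    while queue:
        org, hops = queue.popleft()
        if org in targets:
            return hops
        if hops == max_hops:
            continue  # chain limit reached on this branch
        for s, p, o in triples:
            if s == org and p == "foaf:knows" and o not in seen:
                seen.add(o)
                queue.append((o, hops + 1))
    return None

def accepts(triples, trusted_orgs, idp, max_hops=1):
    """True if the relying party should accept assertions from this IDP."""
    return trust_distance(triples, trusted_orgs, idp, max_hops) is not None
```

With Sun as the only directly trusted organisation, the Sun IDP is accepted at distance 0, the partner's IDP only once one hop is allowed, and the stranger's IDP never.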
