[OpenID] OpenID provider with gibberish identity URLs to avoid nickname change issues

Peter Williams pwilliams at rapattoni.com
Sat Jun 9 18:41:40 UTC 2007


Let's look at the issue as infrastructure designers (with the power to
make some consensus position actually happen):-

A. Two architectural patterns

OpenID allows two forms of user-centric identity: XRI doctrine, and
do-it-yourself (DIY) doctrine (i.e. choose some URI and URI resolver
protocol).



1. In XRI doctrine, user-centric control means: "your" registrar for
"your" id is a conventional hierarchical, policy-controlled, audited
authority infrastructure. It's just like hierarchical PKI, just like
hierarchical LDAP, just like 10 other hierarchical naming schemes.
Nothing new whatsoever (in the user-centric id area); it's just a
hierarchy of i-registrars controlling you in your own ultimate interest:
I-deacon, I-priest, I-Bishop, I-ArchBishop, I-Pope.

2. In do-it-yourself, user-centric control means:  USE OF, and RELIANCE
ON, a given user-centric id string is NOT subject to direct/indirect
**legal regime** of ANY Internet Authority, whatsoever.



B. Which reasoning model do I apply to the Use Case of Organized Realty?

The organized world of US realty - a use case-driven design study in
this context - is a mix of the patterns underlying (1) and (2). It
retains the flavor of (2) because the authorities in (1) are wholly
incapable of imposing and enforcing the hierarchy. Every time anyone
tries to make money out of imposing hierarchy, there is a local backlash
in the resurgence of (2). This dynamic has nothing to do with XRI vs
URI; it's been going on for 100 years in California, for example.

If I put this world view now in XRI terms, I could make Rapattoni an
I-Broker tomorrow, and join up to the whole XRI policy regime, after
an(other) audit fee, and after paying more monthly subscriptions. Or, I
could outsource, and accomplish the same even faster, for an even bigger
monthly fee, per user. I could quickly issue i-names to 1M realtors.
Deploying some load-balanced OP server for OpenId Consumers to use,
delegating crypto to my FIPS 140-1 level 3 crypto-hardware, is obviously
trivial.

But, am I adding anything here to the mission of OpenID - as
countenanced in the wiki?

I'm not sure we would have taken an excellent use case (fully
distributed, semi-hierarchical infrastructure composed of 1.3M
individual contractors who run their own (1000 or more) local trade
associations) and explored what OpenID can really do, in all its
user-centric ideas.

Peter.


Postscript.

What the US DOJ wants organized realty to do is answer: WHY has the web
not **fundamentally** altered the practice of organized real estate
(like it did organized travel)? So, I want to see to it that we have
looked at OpenID in its paradigm-shifting modality - not just adopt yet
another hierarchical registration authority doctrine (which organized
realty already has).

I suppose I could make Rapattoni an I-Broker that is "independent" of
XRI.ORG - much like we run a US-wide CA network that is independent of
VeriSign. But again, I'm not focusing on what OpenID can really do when
let loose, I feel.



> -----Original Message-----
> From: general-bounces at openid.net 
> [mailto:general-bounces at openid.net] On Behalf Of Evan Prodromou
> Sent: Saturday, June 09, 2007 6:52 AM
> To: Stuart Bishop
> Cc: general at openid.net
> Subject: Re: [OpenID] OpenID provider with gibberish identity 
> URLs to avoid nickname change issues
> 
> On Mon, 2007-28-05 at 20:08 +0700, Stuart Bishop wrote:
> > I am working on turning a webapp into an OpenID provider. One of the
> > features of the webapp is that the user's nicknames are changeable. We
> > would like nickname changes to not affect other applications we need
> > to integrate with, so wish to use an unchanging opaque identifier
> > instead of the user's nickname.
> 
> Given the choice of IDs that are readable and meaningful, and 
> IDs that survive nickname changes, I'd prefer the former.
> 
> -Evan
> 
> 


