[OpenID] OpenID based decentralized social networking
Peter Williams
pwilliams at rapattoni.com
Fri Jun 15 16:41:55 UTC 2007
This seems to be a co-resident decision/enforcement model - were
local-authorization is part of the RP-application (not OpenID). The UCI
string (post webSSO) is just a form of Principal - a "subject",
probably, in some access control model.
Where is the Sun-case discussed in more detail?
The HTTPS/cert community has learned a lot over 10 years about
exploiting domain-name patterns, in URL/entitlement authorization
handling. It started life as a way of load-balancing and multiplexing
secure https endpoints - but evolved into an authorization scheme.
-----Original Message-----
From: Lukas Rosenstock [mailto:lukas.rosenstock at identity20.eu]
Sent: Friday, June 15, 2007 9:30 AM
To: Peter Williams; tom; general at openid.net
Subject: Re: [OpenID] OpenID based decentralized social networking
As far as I understand this, it's not different from any usual access
control system except from the fact that the usernames are OpenIDs. So
if
I create a website I can give my friend "xy.myopenid.com" the permission
to edit some sites and when she logs on using that identity URL, she is
granted that permission.
That takes us back to the "Sun-case", for example (seems not yet
implemented in Aroundme/Barnraiser) you could give "*.company.com" (=
all
employees of a company) access to a system.
More information about the general
mailing list