[OpenID] Method for expressing mechanical relationships with OpenID's

Rabbit xageroth at gmail.com
Mon Mar 5 04:36:12 UTC 2007 

I've been searching through the list / blogs looking for conversations
about this so please point me in the right direction if there's
already a discussion.

I was trying to think of a simple way of expressing agreements and
relationships with OpenID's and have been playing with a few
possibilities. Let's say you wanted to declare ...

"I'm Acme Corp."

OpenID addresses this but not ...

"... and I'm Photo Editor, a service of Acme Corp."

The closest OpenID gets to this would be with the Trust Root, but
that's making the assumption that Acme Corp hosts all its services on
a single domain and doesn't really reflect the reality of the
*identity* that is Acme Corp.

How difficult would it be to assign an OpenID to both Acme Corp and
the Photo Editor service, then invent a human-usable URI namespace
that expresses this relationship? Could very easily be expressed in
plain text.

Arrangement: http://example.openid.net/ChildService/
Proposed-by: http://acme.com/
Signed-by: http://photoeditor.com/
Signature: .....

(If you're scared of signed certs I *suppose* you could do without the
signature if the certificate is given a synonymous ID with which you
could ask the other party "You know anything about Cert #38?" and see
if it's the same.)

Going to the URI namespace would have a standardized, formal
explanation of what the assertion is phrased in a way that inquiring
minds should easily understand it. Seeing something like this an
OpenID provider could make more complicated suggestions such as
"You've enabled a trust root for Acme Corp (http://acme.com/). Photo
Editor (http://photoeditor.com/) is a "Child Service" [?] of Acme
Corp. Would you like to extend trust to all of Acme Corp's child
services?"

I think something like this would be pretty open for exploration. It
would be easy to invent relationships if there doesn't exist an
arrangement that will express it because the namespace is applied to
something expressed in human terms. "This is a service we developed."
"This is a sister company." "This user entrusts me with their phone
number so long as we do not distribute." etc etc.

Trying to imagine some XML format eventually expressing some of these
things makes me cringe, but then maybe I'm jumping the gun on this and
there's no need to express any of these things.

-- 
Rabbit

More information about the general mailing list