[OpenID] What's broken in OpenID 2.0? (IIW session)
Martin Atkins
mart at degeneration.co.uk
Thu May 10 06:46:43 UTC 2007
Allen Tom wrote:
>
> Issue #2) OpenID recycling
>
> In order to free up desirable userids, many large OPs recycle userids
> belonging to inactive accounts. If an OpenID is recycled, the new owner
> will be able to access the previous owner's data if the RP is not aware
> that the OpenID has changed ownership.
>
We have actually touched on this issue briefly in the past. One idea
that was floated around was the use of a "serial number"[1] in addition
to the OpenID URL, where providers would ensure that the same serial
number is not used for two instances of the same identifier. However,
this is troublesome because it requires RPs to change the way they store
and identify identifiers, and is thus not backward-compatible.
At the moment, OPs should not be recycling usernames at all. Any that
are doing so are broken. That is not to say we should not come up with a
better approach that allows recycling, however.
>
> Additionally, the OpenID spec should be reworded to encourage RPs to use
> stateless mode, as in practice, securely storing shared secrets,
> properly calculating and verifying signatures, and implementing a cache
> of used nonces, is actually pretty hard to get right, and incorrect
> implementations are security holes.
>
The idea is that people will use the standard, well-tested, battle-worn
libraries to handle this stuff. That way they can have more confidence
of getting it right. You may be right that people who are "rolling their
own" would be better off using stateless mode; it really depends on what
sort of service you're providing, of course.
>
> I look forward to discussing these issues and more next week at IIW.
>
As do I. :)
[1] Not necessarily actually a number, but some kind of invisible extra
value used as part of the identifier's "primary key" so that new
instances end up being separate accounts.
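The "serial number" idea from the reply above, worked through as an added example (this is illustrative code written for this page, not anything from the OpenID libraries or from the poster). It models two relying parties: a legacy one that keys accounts on the bare identifier URL, and one that keys on the URL plus an invisible serial the OP promises never to reuse for the same URL. The class names, the identifier URL and the serial values are all constructed for the example.

```python
"""Why recycled OpenIDs leak data, and how an extra "serial" value avoids it.

An RP looks accounts up by some key. If that key is the identifier URL alone,
a recycled URL drops the new owner straight into the old owner's account.
If the key is (URL, serial), and the OP never reuses a serial for the same
URL, the new owner lands in a fresh, empty account instead.
Everything here (names, URLs, serials) is constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    display_name: str
    private_notes: list = field(default_factory=list)


class LegacyRP:
    """Keys accounts on the bare identifier URL, as OpenID 2.0 RPs do today."""

    def __init__(self):
        self._accounts = {}

    def login(self, claimed_id, serial=None):
        # The serial is ignored: this RP does not know the extra value exists.
        return self._accounts.setdefault(claimed_id, Account(display_name=claimed_id))


class SerialAwareRP:
    """Keys accounts on (identifier URL, serial); a new serial is a new account."""

    def __init__(self):
        self._accounts = {}

    def login(self, claimed_id, serial):
        key = (claimed_id, serial)
        return self._accounts.setdefault(key, Account(display_name=claimed_id))

    def known_serials(self, claimed_id):
        """Serials this RP has seen for a URL (useful for audit/debugging)."""
        return sorted(s for (url, s) in self._accounts if url == claimed_id)


def simulate_recycling(rp_cls):
    """Return the private notes the *second* owner of a recycled URL can read."""
    rp = rp_cls()
    url = "https://op.example/id/alice"  # constructed identifier URL
    first = rp.login(url, serial="s1")
    first.private_notes.append("first owner's secret")
    # The OP later frees the inactive account and re-issues the same URL.
    # A serial-aware OP hands out a new serial with it.
    second = rp.login(url, serial="s2")
    return list(second.private_notes)


if __name__ == "__main__":
    print("legacy RP, second owner sees:", simulate_recycling(LegacyRP))
    print("serial-aware RP, second owner sees:", simulate_recycling(SerialAwareRP))
```

The backward-compatibility problem the reply mentions is visible in the two `login` signatures: every existing RP database is keyed like `LegacyRP`, so adopting the serial means a schema and lookup change on the RP side, not just a new field in the OP's response.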
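The second quoted point, that a stateful ("smart mode") RP has to verify signatures itself and keep a nonce cache, as an added example of what that work looks like. This is a simplified illustration written for this page, not code from any OpenID library: it builds the key-value form of the signed fields, checks an HMAC-SHA256 signature in constant time, and rejects replayed or out-of-window `response_nonce` values. The shared secret, endpoint URLs, association handle and nonces are constructed; the fixed clock exists only so the example is deterministic.

```python
"""Simplified stateful-RP checks for an OpenID 2.0 positive assertion.

Signature: HMAC over the key-value form ("key:value\n" per signed field,
keys in openid.signed order, without the "openid." prefix), base64 encoded.
Nonce: "YYYY-MM-DDThh:mm:ssZ" plus a unique suffix; accept once, within a window.
All sample values below are constructed for illustration.
"""
import base64
import calendar
import hashlib
import hmac
import time

NONCE_WINDOW_SECONDS = 5 * 60  # tolerance chosen for the example
REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id")


def kv_form(fields, signed):
    """Key-value form of the fields named in the comma-separated `signed` list."""
    return "".join(f"{key}:{fields[key]}\n" for key in signed.split(","))


def sign(mac_key, fields, signed):
    digest = hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


class StatefulRP:
    """Holds the association's MAC key and a cache of nonces already accepted."""

    def __init__(self, mac_key, clock=time.time):
        self._mac_key = mac_key
        self._clock = clock
        self._seen = {}  # nonce -> time after which it can be forgotten

    def _check_nonce(self, nonce):
        now = self._clock()
        # Drop cache entries that are already outside the window.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        try:
            issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
        except ValueError:
            return False, "malformed nonce"
        if abs(now - issued) > NONCE_WINDOW_SECONDS:
            return False, "nonce outside window"
        if nonce in self._seen:
            return False, "nonce replayed"
        self._seen[nonce] = issued + NONCE_WINDOW_SECONDS
        return True, "ok"

    def verify(self, fields):
        signed = fields.get("signed", "")
        for name in REQUIRED_SIGNED:
            if name not in signed.split(","):
                return False, f"{name} not signed"
        expected = sign(self._mac_key, fields, signed)
        if not hmac.compare_digest(expected, fields.get("sig", "")):
            return False, "bad signature"
        return self._check_nonce(fields["response_nonce"])


def build_response(mac_key, nonce):
    """Constructed id_res assertion as the OP would sign it."""
    fields = {
        "ns": "http://specs.openid.net/auth/2.0",
        "mode": "id_res",
        "op_endpoint": "https://op.example/server",
        "claimed_id": "https://op.example/id/alice",
        "identity": "https://op.example/id/alice",
        "return_to": "https://rp.example/finish",
        "response_nonce": nonce,
        "assoc_handle": "assoc-1",
        "signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    fields["sig"] = sign(mac_key, fields, fields["signed"])
    return fields


def demo():
    """Run one fresh, one replayed, one tampered and one stale assertion."""
    key = b"constructed-shared-secret"
    fixed_now = calendar.timegm(time.strptime("2007-05-10T06:46:43Z", "%Y-%m-%dT%H:%M:%SZ"))
    rp = StatefulRP(key, clock=lambda: fixed_now)
    fresh = build_response(key, "2007-05-10T06:46:40ZabcDEF")
    results = {"fresh": rp.verify(fresh), "replay": rp.verify(fresh)}
    results["tampered"] = rp.verify(dict(fresh, claimed_id="https://op.example/id/mallory"))
    results["stale"] = rp.verify(build_response(key, "2007-05-10T05:00:00Zxyz"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Each of the four outcomes corresponds to one thing the quoted message says is easy to get wrong: the nonce cache (replay), the signature check (tampered), and the time window (stale). In stateless mode all of this is delegated to the OP via `check_authentication`, which is the trade-off the message is weighing.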