[OpenID] What's broken in OpenID 2.0? (IIW session)

[Phil Hunt]

Another problem I raised a while ago was portability. Unless each user gets their own private domain, their identity is stuck with the provider that owns the namespace. 

Identity Life-cycle and transfer are issues I'd like to talk more about.

Phil Hunt

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of ydnar
> Sent: Thursday, May 10, 2007 11:56 AM
> To: Martin Atkins
> Cc: general at openid.net
> Subject: Re: [OpenID] What's broken in OpenID 2.0? (IIW session)
> 
> How significant (read: incompatible) a change would this be to the spec?
> 
> URL recycling on services like LiveJournal or Vox is a pretty real
> issue: Users can elect to change their URL at any time. Their old URL
> could then be adopted by another user. Having the underlying mapping
> be an opaque value (or a guaranteed never-recycled URL) instead of
> the actual URL would address this.
> 
> Randy
> 
> 
> On May 10, 2007, at 10:13 AM, Martin Atkins wrote:
> 
> > ydnar wrote:
> >> Can the OP override the user's input?
> >>
> >> User asserts:                  brad.livejournal.com
> >> LiveJournal overrides with:    openid.livejournal.com/584593450349
> >>
> >> Which (for LiveJournal) would be guaranteed unique, never recycled.
> >>
> >
> > This is essentially the XRI mechanism, but done over HTTP instead. We
> > did also talk before about trying to make XRI-style synonyms (which
> > would solve this and other similar problems) with HTTP URLs, but I
> > think
> > the main trouble is figuring out a way that this can be done securely
> > without adding significant overhead.
> >
> >
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general