[OpenID] Can one use Generic OpenIds
frumioj at mac.com
Tue May 22 17:42:59 UTC 2007

I'll just add that OpenIDs are often URLs. URLs themselves identify
resources. Resources may be 'groups' or 'roles', (human- or
machine-readable) descriptions of groups or roles, or something else.

An OpenID is minted for SSO, but has not necessarily anything to do with
the authentication mechanism (it's even possible that the user provides
a different OpenID to the IdP than that given by the IdP to the RP).

In other words, URLs can already be "semantically meaningful" based on
the world wide web architecture, and perhaps (if you believe its
advocates) with the addition of the "semantic web".

It seems that OpenID RPs and IdPs will likely have to live with those
consequences, regardless of whether it is a good or a bad idea to use
identifiers these ways.

Regards,
- John

Eve L. Maler wrote:
> Just to be crystal-clear, the Sun construct is based on accessing
> our OpenID authentication service, not necessarily on the particular
> form of the identifier. If you want to use your own arbitrary
> OpenID and delegate over, the assurance still applies. This notion
> of a "generic" OpenID as expressed by Peter seems a bit different,
> and closer (strictly speaking) to Drummond's "semantically
> meaningful identifiers" than the Sun case is:
>
> http://www.equalsdrummond.name/?p=104
>
> Eve
>
> Dave Kearns wrote:
>> From: David Fuelling
>>> Only a few weeks ago, when Sun announced that all of their employees would
>>> have OpenId's (and by proxy, all of these employees could identify
>>> themselves as sun employees using these ids) there was a lot of discussion
>>> (around the web) relating to why this is a bad idea. Might be worth
>>> searching around for some of the reaction to the Sun announcement
>>> (I can't think of a direct url link at the moment).
>>>
>> There was much chest-thumping on this list, but many of the outside comments
>> I read were similar to mine
>> <http://vquill.com/2007/05/at-last-real-work-for-openid.html>, that - absent
>> any agreement on AX - this wasn't a particularly bad idea at all.
>>
>> Still, the Sun construct is based on the domain issuing the OpenID, whereas
>> this new proposal bases the deduction on the more ephemeral part of the URL,
>> which would be difficult to keep secure with any sort of group access.
>>
>> -dave
>>
>