[OpenID] XRI semantics and heavyweight identity management
Peter Williams
pwilliams at rapattoni.com
Sun Apr 20 05:28:01 UTC 2008
I'm reading http://docs.oasis-open.org/xri/xri-resolution/2.0/specs/cd03/xri-resolution-V2.0-cd-03.pdf very carefully, aiming to fully understand OpenID2. My goal is to then go enhance my RDF server so it can respond with some simple XRDS files, augmenting its native metadata about service endpoints with FOAF data (to allow for intelligent RDF-driven RPs). I don't aim to actually implement XRI Resolution. I just want to pretend to do so, for some simple XRDs and XRI queries. It's a good learning exercise; a good first step to get a feel for the algorithm and how one tunes it all.
There are a lot of procedures and identity semantics in the specification. It's essentially a toolkit. How literally should I take all the options, as they reflect on OpenID2? Can any and all of the options in the document be leveraged when building an actual OP->RP relationship? Are any and all the options "compatible" with the OpenID infrastructure vision?
For example, as a solution architect, I could specify that an OP will operate a regime requiring only this or that durability of resources, that equivID will be used in way X to accomplish Y per the spec, that child and parent authorities will and will not be able to do certain things - per choice of policies and setup, etc, that XRI references between XRDs shall occur in this or that way. As a result, I could easily take the toolkit and build a very unique and particular trust model, addressing the full lifecycle of identity management in a distributed authority model.
If I were to do all this "heavyweight identity management", can I still be asserting at the end of the day that I'm "doing OpenID", in a manner "consistent with" the OpenID culture, vision and community goals?
I ask, as building such a trust model is rather different culturally from the traditional context - in which a user goes and stuffs some meta tags into a blogging HTML page, a user types in a URL at a URL, and OP->RP flows send assertions over an authenticated channel! Such an XRI-derived infrastructure is an entirely different kind of trust management infrastructure, very much focused on notions of authority and very much contingent on the RP recognizing that various third-party authorities have various rights to speak (in different ways) for a particular user identity.
Obviously, there is no one-sentence answer to this question set. It's guidance I'm looking for.
_________________________
Peter Williams
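The "simple XRDS" the post talks about serving is, from the RP's side, just a document to parse and a service list to select from. Below is an added example (not from Peter's post, his RDF server, or any OpenID library) showing the RP-side half: parse an XRDS, take the final XRD, and pick OpenID 2.0 endpoints in XRI-style priority order. The sample XRDS, the hostnames in it and the `endpoint_warnings` policy are constructed for the example; the namespace strings and the two OpenID 2.0 service Type URIs are the real ones.

```python
"""RP-side parse of an XRDS document and OpenID 2.0 service selection.

Added example: not part of the original post or of any OpenID library.
The sample XRDS and its hostnames are constructed for illustration.
"""
import random

# defusedxml refuses entity-expansion tricks (billion laughs, XXE); the
# stdlib parser is used only as a fallback so the example runs anywhere.
try:
    from defusedxml.ElementTree import fromstring as _fromstring
except ImportError:  # pragma: no cover
    from xml.etree.ElementTree import fromstring as _fromstring

XRDS_NS = "xri://$xrds"
XRD_NS = "xri://$xrd*($v*2.0)"
# OpenID 2.0 service types: "server" = OP Identifier, "signon" = Claimed Identifier
OP_IDENTIFIER = "http://specs.openid.net/auth/2.0/server"
CLAIMED_ID = "http://specs.openid.net/auth/2.0/signon"

# Constructed sample: two signon services at different priorities plus a FOAF
# pointer of the kind the post wants to add alongside the OpenID metadata.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="20">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://backup.example.net/openid</URI>
      <LocalID>https://backup.example.net/u/alice</LocalID>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.com/endpoint</URI>
      <LocalID>https://op.example.com/users/alice</LocalID>
    </Service>
    <Service>
      <Type>http://xmlns.com/foaf/0.1/</Type>
      <URI>https://id.example.org/alice/foaf.rdf</URI>
    </Service>
  </XRD>
</xrds:XRDS>
"""


def _q(local):
    return "{%s}%s" % (XRD_NS, local)


def _text(el):
    return (el.text or "").strip()


def _priority(el):
    """XRD priority is a non-negative integer; absent or malformed means 'lowest'."""
    raw = el.get("priority")
    if raw is None:
        return None
    try:
        value = int(raw)
    except ValueError:
        return None
    return value if value >= 0 else None


def parse_xrds(xml_text):
    """Return the <Service> elements of the final <XRD> as plain dicts."""
    root = _fromstring(xml_text)
    if root.tag != "{%s}XRDS" % XRDS_NS:
        raise ValueError("not an XRDS document: %s" % root.tag)
    xrds = root.findall(_q("XRD"))
    if not xrds:
        raise ValueError("XRDS contains no XRD element")
    xrd = xrds[-1]  # the last XRD in the chain is the authoritative one
    services = []
    for svc in xrd.findall(_q("Service")):
        services.append({
            "types": [_text(t) for t in svc.findall(_q("Type"))],
            "uris": [_text(u) for u in svc.findall(_q("URI"))],
            "local_id": next((_text(l) for l in svc.findall(_q("LocalID"))), None),
            "priority": _priority(svc),
        })
    return services


def select_openid_endpoints(services, rng=None):
    """Order OpenID 2.0 services by priority (lower number wins, none last);
    ties are broken at random as XRI selection prescribes."""
    rng = rng or random.Random()
    chosen = []
    for svc in services:
        if OP_IDENTIFIER in svc["types"]:
            kind = OP_IDENTIFIER  # OP Identifier: user will be asked who they are
        elif CLAIMED_ID in svc["types"]:
            kind = CLAIMED_ID
        else:
            continue
        for uri in svc["uris"]:
            chosen.append({"endpoint": uri, "type": kind,
                           "local_id": svc["local_id"] if kind == CLAIMED_ID else None,
                           "priority": svc["priority"]})
    chosen.sort(key=lambda e: (e["priority"] is None, e["priority"] or 0, rng.random()))
    return chosen


def endpoint_warnings(endpoint):
    """Example RP policy (an assumption, not required by the spec): refuse
    cleartext OP endpoints, since assertions and association secrets ride on them."""
    warnings = []
    if not endpoint["endpoint"].lower().startswith("https://"):
        warnings.append("endpoint is not https: %s" % endpoint["endpoint"])
    return warnings
```

The selection above is the Yadis/URL-identifier path only; real XRI resolution (CanonicalID verification, Ref following, equivID and parent/child authority checks) is what the post is deliberately skipping. Note that the parser trusts the last XRD and the raw priority numbers exactly as the document states them, which is why the choice of who is allowed to serve that document is the whole trust question Peter is raising.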