[OpenID] Dare to Trust OpenID

Prabath Siriwardena siriwardena.prabath at gmail.com
Fri Mar 7 12:31:19 UTC 2008


Thanks Drummond & Dick.

- Prabath

On Fri, Mar 7, 2008 at 1:38 PM, Dick Hardt <dick at sxip.com> wrote:
> To clarify
>
> You can either enter your OP or your OpenID. (in prior art in SXIP /
> DIX we had the user entering their OP)
>
> Providing an RP your OP instead of your OpenID provides a number of
> benefits:
>
> 1) privacy, the RP does not know which OpenID you want to be until it
> gets the response back from the OP -- and also gives the OP a chance
> to ask the user "are you sure you want to login to a site known to be
> a phishing site?" etc...
>
> 2) convenience for managing multiple OpenIDs. The OP can remember
> which OpenID you used at which site and make that be the default one
> to provide to that site.
>
> 3) The OP can make an identifier on the fly or use a directed
> identifier for that specific RP and send that to the RP. (Site specific
> identifiers or directed identifiers are inconvenient for users to
> manage directly, but easy for an OP to manage) (see Sxipper !!! :-)
>
> -- Dick
>
>
>
> On 6-Mar-08, at 11:54 PM, Drummond Reed wrote:
>
> > Prabath,
> >
> > What they are referring to is the feature called "OP Identifier" in
> > the 2.0 spec. See section "7.3.2.1.1. OP Identifier Element" and also
> > search for the other references to "OP Identifier".
> >
> > The spec unfortunately doesn't really explain much about the intended
> > use of this option, but in the OpenID community this feature is often
> > called "directed identity" (after Kim Cameron's Fourth Law of
> > Identity), and it simply means you can login with the identifier of
> > your OP rather than your own OpenID identifier.
> >
> > Yahoo chose to implement OpenID that way (at least for the present)
> > and is promoting the idea that websites just stick a "Login with
> > Yahoo" on their login page that will send the login request to
> > yahoo.com. Yahoo will then generate a unique OpenID identifier as the
> > user's Claimed Identifier.
> >
> > =Drummond
> >
> >> -----Original Message-----
> >> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Prabath Siriwardena
> >> Sent: Thursday, March 06, 2008 10:47 PM
> >> To: general at openid.net
> >> Subject: [OpenID] Dare to Trust OpenID
> >>
> >> Quoted from [1]:
> >>
> >> "Instead of asking you for your log-in, a site could ask you for your
> >> OpenID, which takes the form of a URL, such as
> >> myname.openid-provider.net. In fact, with the newer 2.0 version of
> >> OpenID, you may just have to provide the domain, such as yahoo.com
> >> (yes, Yahoo supports such usage for its members)."
> >>
> >> I could not find a section in OpenID Authentication 2.0 spec, which
> >> has a reference to the statement "with the newer 2.0 version of
> >> OpenID, you may just have to provide the domain".
> >>
> >> Any thoughts? [ have I misread it?]
> >>
> >>
> >> Thanks & regards.
> >> - Prabath
> >>
> >> [1]: http://www.eweek.com/c/a/Security/Dare-to-Trust-OpenID/
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >

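The OP Identifier flow discussed in this thread, as an added example that is not part of the original messages: an RP classifies the discovered XRDS service element, sends `identifier_select` when the user entered an OP, and, going one step beyond the thread, rediscovers the claimed identifier the OP returns before trusting it. The hosts `op.example` and `rp.example`, the helper names, and the XRDS documents are constructed for illustration; identifier normalization and signature checks are left out.

```python
import xml.etree.ElementTree as ET  # constructed input only; use a hardened parser (e.g. defusedxml) for fetched XRDS
from urllib.parse import urlencode

XRD = "{xri://$xrd*($v*2.0)}"
SERVER = "http://specs.openid.net/auth/2.0/server"   # OP Identifier Element type
SIGNON = "http://specs.openid.net/auth/2.0/signon"   # Claimed Identifier Element type
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

def xrds(service_type, endpoint):
    """Constructed XRDS document with one service element (sample data)."""
    return ('<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>'
            f'<Service><Type>{service_type}</Type><URI>{endpoint}</URI></Service>'
            '</XRD></xrds:XRDS>')

def discover(xrds_text):
    """Return (kind, endpoint); an OP Identifier element wins over a signon one."""
    found = {}
    for svc in ET.fromstring(xrds_text).iter(XRD + "Service"):
        uri = (svc.findtext(XRD + "URI") or "").strip()
        for t in svc.findall(XRD + "Type"):
            if uri and (t.text or "").strip() in (SERVER, SIGNON):
                found.setdefault(t.text.strip(), uri)
    if SERVER in found:
        return "op_identifier", found[SERVER]
    if SIGNON in found:
        return "claimed_identifier", found[SIGNON]
    raise ValueError("no OpenID 2.0 service element in XRDS")

def auth_request(user_input, xrds_text, return_to, realm):
    """Build the checkid_setup redirect URL for what the user typed."""
    kind, endpoint = discover(xrds_text)
    # With an OP Identifier the RP names no user: the OP picks the identifier.
    ident = SELECT if kind == "op_identifier" else user_input
    params = {"openid.ns": "http://specs.openid.net/auth/2.0",
              "openid.mode": "checkid_setup",
              "openid.claimed_id": ident, "openid.identity": ident,
              "openid.return_to": return_to, "openid.realm": realm}
    return endpoint + ("&" if "?" in endpoint else "?") + urlencode(params)

def op_is_authoritative(asserted_endpoint, claimed_id_xrds):
    """After an identifier_select login, rediscover the returned claimed_id and
    accept it only if its XRDS names the OP endpoint that made the assertion."""
    try:
        kind, endpoint = discover(claimed_id_xrds)
    except (ValueError, ET.ParseError):
        return False
    return kind == "claimed_identifier" and endpoint == asserted_endpoint
```

Without the last check, any OP reached through "Login with ..." could assert an identifier it does not control, since the RP never saw the identifier before the response arrived.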

