[OpenID] Fwd: Yahoo open id URL and which PHP Library

Peter Williams pwilliams at rapattoni.com
Mon May 19 15:32:16 UTC 2008 

If I got the message loud and clear, we must not assume that the localid is a URI - it is merely a key (in the database sense) - in the context of openid auth and those extensions currently defined.

We know from the localid in XRI resolution, that the key can take the form of an i-number rather than a URI - and IS an i-number if one has relies on the "trusted resolution" mode of the XRI resolver.

On the one hand, this leads one to the conclusion that the localid is an opaque type. It has no type, in a formal logic describing all the properties of openid auth . The protocol engine of the RP should thus not make any assumptions about typing, other than relying upon non-ambiguity (in untrusted resolution) or uniqueness in i-space (trusted resolution).

Now, an RP is more than a protocol engine; its also a message handling process. The above is somewhat obviously contradicted in the case of the localid being an i-number when RP is itself an i-broker - an entity that knows and relies upon addiional semantics of i-numbers when delivering i-services - including "XRI-enhanced " OP services.

So on the grounds that one contradiction often leads to interesting others, other schemes for localid could similarly be interpreted by classes of RP other than those in the i-broker class. 

Perhaps we see this notion of an implicitely-typed localid already standardized in AX, where n RPs can conform a RP-community linked by localid (from a common OP, nominally) - allowing them to coordinate their own services based on the common persistent key value (e.g. some keyed-hash of the Yahoo-copyright localid, say)

Its tempting to fall into the trap of looking at the localid as a reference-key into the distributed database of attributes maintained about objects maintained by OPs. With a little thought, you see how, the properties of uniqueness and non-ambiguity also make it (like any key) a linking value - between two disconnected identity spaces. This leaves behind the notion that the localid is merely a control value, issued by an OP authority. An RP can belong (like a trust bridge) in two worlds at once. This could be (1) the world of the OPs (generally, domineering federations full of policy wonks selling privacy services), and (2) the world of many sets of RPs cooperating (the mashup space(s), to use a modernism, full of individualists).

_________________________
Peter Williams



From: Webbee eSolutions (P) Ltd.
Sent: Mon 5/19/2008 7:13 AM
To: Peter Williams
Cc: Jonathan Daugherty; general at openid.net
Subject: Re: [OpenID] Fwd: Yahoo open id URL and which PHP Library





2008/5/18 Peter Williams <pwilliams at rapattoni.com>:

The testimonial is that you are not afraid to try, not afraid to fail, and not afraid to seek advice in public. I do all of those things, all the time (particularly, the failing bit). This publicity of success is all the testimonial one can really hope for. From your example, you can be assured that someone else will now also try...and probably succeed.


One last question from me at this topic,
I have successfully integrated but the identifier i receive from yahoo is like https://me.yahoo.com/a/ZZNIxYUnztRe6GC7wNo5sEf6212J#4234

Can it be changed by some user whose identifier it is and do i have to store in this form, i mean it has # sign also.

Regards,
Abhi 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080519/232fd3d9/attachment-0002.htm>

More information about the general mailing list