[OpenID] On the portability of identifiers
Peter Watkins
peterw at tux.org
Thu Nov 6 15:32:28 UTC 2008

On Fri, Oct 31, 2008 at 09:21:18AM -0700, SitG Admin wrote:
>
> >If the set has three identifiers, then you only need to present two
> >of them to show it is you, and then you can substitute a new
> >identifier so that you again have a redundant set.
>
> RPs should also let the user, at signup or any point thereafter
> (when authenticated with a majority of their set), increase the
> minimum number of identifiers that are required for making changes -
> so that, if a user who once had only 3 identifiers gradually acquires
> 2 more, they can say "Okay, now we need THREE identifiers to make
> changes.", and still enjoy fault-tolerance if suddenly TWO of them
> were to go down or become hostile.

That sounds too complex for most use cases, but I'm interested in this as an
RP recommendation that's completely outside the scope of the OpenID spec.

Here's a simpler model: the RP allows a user to associate multiple
OpenID identifiers with their RP profile. Each OpenID identifier should
be associated with contact information. A user should have the ability
to log in as any of their known identifiers and disavow any other
identifier. Disavowal triggers communication to the disavowed identifier's
contact. If an attacker subverted Identifier B and disabled Identifier A
on the RP site, the RP would do something like email the contact for
Identifier A. So the user would know that B had been compromised. From
that point it's a standard customer service issue -- the individual
will need to contact the RP to report the trouble. What if the attacker
used B but left A enabled? A simple login history on the RP and "last
login" info would reveal that abuse.
This 1 of N + disavowal model would give individuals a way to migrate from
one OpenID to another if they anticipated problems, without making everyday
authentication more tedious.

> RPs could also allow settings for customized access based on
> specific identifiers. For instance, if I log in with my work ID,
> don't show me the personal E-mails!

Nice idea.

-Peter
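The 1 of N + disavowal model sketched in the message above, as an added Python example that is not code from the OpenID list or from any RP: an account linked to several OpenID identifiers, each with its own contact; a logged-in identifier can disavow another, which disables it and notifies the disabled identifier's contact; and a "last login" view that surfaces logins by other identifiers since the user's previous session. Identifier URLs and contact addresses are constructed for the example.

```python
"""Sketch of the '1 of N + disavowal' account-linking model from the post.
Constructed example; not code from the OpenID list or any relying party."""
from dataclasses import dataclass, field


@dataclass
class LinkedIdentifier:
    openid: str           # the OpenID URL the user authenticates with
    contact: str          # out-of-band contact for this identifier (constructed email)
    active: bool = True


@dataclass
class Account:
    identifiers: dict = field(default_factory=dict)    # openid -> LinkedIdentifier
    logins: list = field(default_factory=list)         # (openid, timestamp), in order
    notifications: list = field(default_factory=list)  # (contact, message) the RP sends

    def link(self, openid, contact):
        self.identifiers[openid] = LinkedIdentifier(openid, contact)

    def login(self, openid, when):
        """Any one active linked identifier suffices (1 of N); every login is recorded."""
        ident = self.identifiers.get(openid)
        if ident is None or not ident.active:
            raise PermissionError(f"{openid} is not an active identifier on this account")
        self.logins.append((openid, when))

    def disavow(self, actor, target):
        """The logged-in identifier disables another one. The disabled identifier's
        contact is told which identifier did it, so a takeover of `actor` becomes
        visible to the real owner even though the attacker holds the RP session."""
        acting = self.identifiers.get(actor)
        if acting is None or not acting.active or actor == target:
            raise PermissionError("must be logged in as a different, active identifier")
        victim = self.identifiers[target]
        if not victim.active:
            return
        victim.active = False
        self.notifications.append(
            (victim.contact, f"{target} was disabled on your account by {actor}"))

    def foreign_logins_since_previous(self, openid):
        """'Last login' view: logins by other identifiers since this identifier's
        previous session. Non-empty when an attacker used B but left A enabled."""
        mine = [i for i, (who, _) in enumerate(self.logins) if who == openid]
        start = mine[-2] if len(mine) >= 2 else -1
        return [(who, t) for who, t in self.logins[start + 1:] if who != openid]
```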