[OpenID] Combining Google & Yahoo user experience research

Brandon Ramirez brandon.s.ramirez at gmail.com
Wed Oct 15 03:32:47 UTC 2008


It's more than just request -> response. It's also an intriguing model for
information resolution, where the trust is centralized, but then delegated
out.

Why shouldn't it be used for identity resolution as well?  An identity (even
more so from a computer's perspective) is merely a small set of data with a
chain of trust - just like most DNS lookups.

On Tue, Oct 14, 2008 at 10:45 PM, Martin Atkins <mart at degeneration.co.uk> wrote:

> SitG Admin wrote:
> >
> >> Putting it in DNS doesn't change the user-centricness, it just changes
> >> the means of publication.
> >
> > I disagree here; to use military terminology here (as learned from
> > analyses of Trusted Computing) for a moment, your DNS server is not a
> > Trusted party for your personal information! IT does not have access to
> > your personal information; YOU do. If a spammer (or stalker) wants to
> > learn where you live (so they have a physical address for snailmail spam
> > or home invasion), they cannot simply ask the DNS server where you live,
> > because the DNS server does not possess that information - they MUST
> > contact you, the user, directly, and in the process of making that
> > request they not only make you (the user) aware of it, but provoke the
> > distinct possibility that you will simply refuse to tell them!
> >
> > Your reply also suggested, though, that this level of control *can* be
> > present in DNS, which intrigues me :)
> >
>
> I was not suggesting that you should put your physical address or
> telephone number in DNS, just that you can publish in DNS information
> about how that information might be obtained, much as you publish on
> your web site how that information might be obtained.
>
> I'd also like to point out that HTTP URLs are themselves dependent on
> DNS. All you gain by publishing this information over HTTP rather than
> DNS is a couple more layers of indirection. I can't control my identity
> page on MyOpenID any more than I can control the contents of the
> myopenid.com DNS zone.
>
> Additionally, since DNS is a request->response protocol just like HTTP,
> there's no technical reason why you can't log requests and refuse to
> talk to certain clients if you wish. The domain name system is not magic.