[OpenID] On the portability of identifiers
Dick Hardt
dick.hardt at gmail.com
Fri Oct 31 04:17:12 UTC 2008
I gave a presentation on this problem and a possible solution at the
last IIW. (I should write up a blog post or something about it.)
I described the problem as a loss of control of the identifier. XRIs
have a layer of indirection on the identifier, but there is still just
the one identifier, and if someone else has control of it, then they
control your online persona that you have established with it. Certs
have a different but effectively similar problem to the one you describe. If you
lose the private key, you have lost control of the identifier.
One way of solving this is to have more than one identifier --
essentially an identifier set -- so that if you lose control of one
identifier, you have not lost control of the identifier set. If the
set has three identifiers, then you only need to present two of them
to show it is you, and then you can substitute a new identifier so
that you again have a redundant set.
An implementation of this would be to have two URLs and one public/
private key pair. The URLs each contain a document that references the
other URLs as well as contains the public key. Messages are signed by
the private key and include a signature of the public key as well as
the two URLs. Message verification is done by fetching the documents
at each URL and verifying the signature.
In a world of opaque identifiers and smart clients, this all can be
transparent to the user. They just say they want to log in with a
particular identifier set.
If anyone is interested in discussing this further, please let me know.
-- Dick
On 30-Oct-08, at 1:50 PM, Andrew Arnott wrote:
> Let me prelude this email with the sincere hope I have that OpenID
> can succeed. But it has a problem, as I see it, that I'm interested
> in hearing people's take on.
>
> First, let's review that there are 2 actual Identifier types, with a
> possible 3rd:
> URIs
> XRIs
> Possibly email addresses in the future.
> DNS admins/domain name owners ultimately control URIs and email
> addresses, which puts them at risk of domains being canceled or evil
> DNS admins.
>
> XRIs are not supposed to be so-controlled. If big OPs like Yahoo
> would host XRIs instead of URIs, and if those XRIs were guaranteed
> to be resolvable and completely under my own control even after I
> leave Yahoo or Yahoo goes out of business, then we have a solution I
> would find acceptable.
>
> Currently, if I were to recommend my Mom get an openid, I would not
> trust her to find herself an OpenID Provider that would likely be
> around in 5 years... let alone 30. Every business on the Internet
> may be gone in 30 years. Let's assume you can't guess a Provider
> that will last that long. That's fine for you and me, because we own
> our own domain names and use XRDS files and such so that our
> identity is "portable" on the Internet. But that's way too
> complicated for 99% of the users out there. A service might crop up
> that offers this OP indirection service in an easy-to-use interface,
> but that itself is a risk of something that might go out of business
> and then what does Mom do!
>
> XRIs are the only hope OpenID has of being reliable, in my opinion,
> because of the risk to the average user of the Provider being pulled
> out from under them.
>
> Short of solving these problems, I can't help but think that
> Cardspace/X.509 or similarly user-hosted identities will eventually
> be the only solution. The problem with these alternatives today is
> that they are harder for RPs to support, and the client certificates
> themselves aren't portable for Mom, in that if she uses someone
> else's computer she can't log in with her certificates. But thumb
> drives have become nearly ubiquitous. Once they come with smart
> chips that manage certificates in a secure manner even when plugged
> into untrusted computers, and the UX for them improves, then nothing
> technologically stands in their way of replacing OpenID since there
> is no risk of a Provider going out of business and taking Mom's
> identity down with it.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general