[OpenID] On the portability of identifiers

Ben Laurie benl at google.com
Fri Oct 31 13:17:05 UTC 2008


On Fri, Oct 31, 2008 at 4:17 AM, Dick Hardt <dick.hardt at gmail.com> wrote:
> I gave a presentation on this problem and a possible solution at the last
> IIW. (I should write up a blog post or something about it.)
> I described the problem as a loss of control of the identifier. XRIs have a
> layer of indirection on the identifier, but there is still just the one
> identifier, and if someone else has control of it, then they control your
> online persona that you have established with it. Certs have a different,
> but effectively similar, problem to the one you describe. If you lose the private key,
> you have lost control of the identifier.
> One way of solving this is to have more than one identifier -- essentially
> an identifier set -- so that if you lose control of one identifier, you have
> not lost control of the identifier set. If the set has three identifiers,
> then you only need to present two of them to show it is you, and then you
> can substitute a new identifier so that you again have a redundant set.
> An implementation of this would be to have two URLs and one public/private
> key pair. The URLs each contain a document that references the other URLs as
> well as contains the public key. Messages are signed by the private key and
> include a signature of the public key as well as the two URLs. Message
> verification is done by fetching the documents at each URL and verifying the
> signature.
> In a world of opaque identifiers and smart clients, this all can be
> transparent to the user. They just say they want to log in with a particular
> identifier set.
> If anyone is interested in discussing this further, please let me know.

I'm certainly interested in the problem, but I'm not sure this
solution makes sense to me - certainly the concept of k of n
identifiers being sufficient is a good one, but I'm not getting the
details of this plan: what is the value of the signatures on the
documents at the URLs?

> -- Dick
>
> On 30-Oct-08, at 1:50 PM, Andrew Arnott wrote:
>
> Let me prelude this email with the sincere hope I have that OpenID can
> succeed.  But it has a problem, as I see it, that I'm interested in hearing
> people's take on.
> First, let's review that there are 2 actual Identifier types, with a
> possible 3rd:
>
> URIs
> XRIs
> Possibly email addresses in the future.
>
> DNS admins/domain name owners ultimately control URIs and email addresses,
> which puts them at risk of domains being canceled or evil DNS admins.
> XRIs are not supposed to be so-controlled.  If big OPs like Yahoo would host
> XRIs instead of URIs, and if those XRIs were guaranteed to be resolvable and
> completely under my own control even after I leave Yahoo or Yahoo goes out
> of business, then we have a solution I would find acceptable.
>
> Currently, if I were to recommend my Mom get an openid, I would not trust
> her to find herself an OpenID Provider that would likely be around in 5
> years... let alone 30.  Every business on the Internet may be gone in 30
> years.  Let's assume you can't guess a Provider that will last that long.
> That's fine for you and me, because we own our own domain names and use XRDS
> files and such so that our identity is "portable" on the Internet.  But
> that's way too complicated for 99% of the users out there.  A service might
> crop up that offers this OP indirection service in an easy-to-use interface,
> but that itself is a risk of something that might go out of business and
> then what does Mom do!
> XRIs are the only hope OpenID has of being reliable, in my opinion, because
> of the risk to the average user of the Provider being pulled out from under
> them.
> Short of solving these problems, I can't help but think that Cardspace/X.509
> or similarly user-hosted identities will eventually be the only solution.
> The problem with these alternatives today is that they are harder for RPs
> to support, and the client certificates themselves aren't portable for Mom,
> in that if she uses someone else's computer she can't log in with her
> certificates.  But thumb drives have become nearly ubiquitous.  Once they
> come with smart chips that manage certificates in a secure manner even when
> plugged into untrusted computers, and the UX for them improves, then nothing
> technologically stands in their way of replacing OpenID since there is no
> risk of a Provider going out of business and taking Mom's identity down with
> it.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
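The two-URLs-plus-one-key-pair scheme Dick describes above, written out as an added example (not code from this thread, and not an OpenID or XRDS format): the document at each URL names the whole set and the public key, a message is signed over the set, the key and the body, and the relying party accepts when at least 2 of the 3 identifiers it stored at first login corroborate the message, which is what lets a lost URL or a lost key be rotated out. The `Document` layout, the `fetch` resolver and the URLs are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"encoding/hex"
	"sort"
	"strings"
)
// Document is published at each URL of the set (constructed, not XRDS): the full URL set, so
// each URL references the others, plus the hex Ed25519 public key. URLs contain no newline.
type Document struct {
	URLs   []string
	PubKey string
}
// Message is a signed assertion naming the set and the public key it is signed under.
type Message struct {
	URLs         []string
	PubKey, Body string
	Sig          []byte
}
func canon(urls []string) string { // order-independent encoding of a URL set
	s := append([]string(nil), urls...)
	sort.Strings(s)
	return strings.Join(s, "\n")
}
// Sign binds the URL set, the public key and the body under one Ed25519 signature.
func Sign(priv ed25519.PrivateKey, urls []string, body string) Message {
	pub := hex.EncodeToString(priv.Public().(ed25519.PublicKey))
	return Message{urls, pub, body, ed25519.Sign(priv, []byte(canon(urls)+"\n"+pub+"\n"+body))}
}
// Verify checks the signature, fetches each URL the message names (fetch stands in for an HTTP
// GET) and counts stored identifiers that corroborate it (URL docs with the same set and key,
// plus the key itself); at least k of the 3 must agree.
func Verify(msg Message, known Document, fetch func(string) (Document, bool), k int) bool {
	pub, err := hex.DecodeString(msg.PubKey)
	if err != nil || len(pub) != ed25519.PublicKeySize || // ed25519.Verify panics on a bad length
		!ed25519.Verify(pub, []byte(canon(msg.URLs)+"\n"+msg.PubKey+"\n"+msg.Body), msg.Sig) {
		return false
	}
	agree := 0
	if msg.PubKey == known.PubKey {
		agree++
	}
	for _, u := range msg.URLs {
		doc, ok := fetch(u)
		if ok && doc.PubKey == msg.PubKey && canon(doc.URLs) == canon(msg.URLs) &&
			strings.Contains("\n"+canon(known.URLs)+"\n", "\n"+u+"\n") { // u is a stored URL
			agree++
		}
	}
	return agree >= k
}
```

After a successful 2-of-3 login the relying party replaces its stored `Document` with the set the message named, so the rotated-out identifier stops counting and a stale or stolen key is no longer enough on its own.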