[OpenID] "This is user's URI" for Assertion Quality Extension

SitG Admin sysadmin at shadowsinthegarden.com
Sat Sep 6 02:39:22 UTC 2008


>So the RP would end up with exactly the same identifier an RP would discover if I
>logged in as =drummond.

I could keep track of which you entered, though this isn't covered 
from within the spec. But this isn't very useful past OpenID v1.

>That's the way directed identity is designed to work. It's not necessarily
>about anonymity -- it's about letting the user choose their URI at the OP

That it *can* be used for anonymity is sufficient reason to begin 
accounting for that usage in advance.

>It can and should be the user's choice what URIs
>he/she shares with what sites.

Choice is more like chaos without some knowledge to inform it. Being 
able to detect what the user is doing and advise them of what that 
*means* is akin to error reporting; it would be nice if OP's were 
responsible for all of this, but we shouldn't rely on all OP's 
sharing the same view of what qualifies as erroneous - nor can we 
rely on them to inform RP's of user's choices when those RP's might 
offer contradictory advice. When it comes to information warfare, I 
prefer full and pre-emptive disclosure, but the challenge here is 
getting information to the users when they won't go looking because 
they know what they were told is right.

General principles aside, a RP should be able to inform a user *in 
advance* of things like "If, later on, we see the URI you are using 
here, but on some other site, we will raise the value of your 
Identity accordingly, and grant you higher privileges on our site . . 
. now, here are the consequences *we think* you should be aware of, 
to doing so." - whatever is specific to that RP, instead of expecting 
OP's to anticipate and keep track of everything so they can apprise 
the user of the implications of their (the user's) decisions.

>If a site has a particular reason to know
>that a user has shared a particular URI with another particular site, that's
>different -- and the OpenID protocol could be used to prove that. But I
>don't think that's what you're asking.

True, this is more of a pre-emptive question:

>Obvious use case would be that pseudonymous user wanting to be
>recognized as the same person as the previous visit but not willing to
>give up his privacy. This is a classic use case in both XRI and Liberty.
>
>=nat at Tokyo via iPhone

I was a bit confused at first, thinking "This is what we have 
already, not knowing if the user is 'anonymous' but being able to 
identify them from session to session.", and then I realized the 
application for pro-privacy^1 sites: being able to detect that a user 
has an identifier which *could* be used, in the future, on other 
sites - and warning them "If this site's records are compromised, 
your main URI would be too, so we recommend you to use an anonymous 
URI here and preserve your main URI for sites where you want that and 
others to know you by the same digital identity."

Whereas, with a URI that isn't found on Google (yet), how could a RP 
know whether it was seeing a unique URI that would only be used for 
that RP, or a "real" URI that might later show up on other sites?

^1) As a pro-privacy site, I would probably alternate between 
recommending new users to be anonymous and recommending them not to 
be. Or both at the same time: "I tried entering my claimed_id and you 
said it was safer to be anonymous, so I tried being anonymous and you 
said that typing in my claimed_id would be better. Make up your mind!"

-Shade

Postscript: it might be helpful if I referenced Andrew Arnott's 
message (on the general list) that inspired this?
http://openid.net/pipermail/general/2008-September/005453.html


