[OpenID] Live Icons for visual recognition of IDP logos
Rabbit
rabbit at cyberpunkrock.com
Fri Apr 3 08:28:44 UTC 2009
This thread is asking the question:
"How do I control my identity when I lose control over my identifier?"
I'm possibly misusing the term here but if OpenID is "user-centric"
then its recovery mechanism should be too. RP trusts OP to
authenticate the user. RP could also trust the OP to provide
information that can be used to authenticate the user independently
from the OP. This would be useful for several reasons (one-to-one
privacy, OP unavailable, domain expiration, bear attacks a data
center, totalitarian government takes over).
Just to illustrate the concept further, here's an **example** of how
this could work. (Walk away with the concepts here, not the details,
please.)
When you sign up for the OP, you are asked to supply an emergency
passphrase. A signature is generated by the function
"hash( your_openid + emergency_pass )". This signature is given to
each RP you sign into. When your OP is not available, the RP can still
authenticate you by using the traditional "Identifier + Credential"
method in widespread usage today by asking you for your emergency
passphrase. The RP will never know your emergency passphrase until it
needs to know. Obviously, this must not be the same credentials used
to authenticate with your OP.
Again, the above is just an example. The concept can be expanded upon
to provide a decentralized account recovery protocol.
=Rabbit
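The following is an added illustration of the "hash( your_openid + emergency_pass )" recovery token sketched in the post above. It is example code written for this archive page, not code from the post's author or from any OpenID implementation, and all function names, the in-memory RP_STORE and the sample identifier are assumptions. Where the post says "hash", the example uses salted PBKDF2 bound to the OpenID, so that the copy each RP holds is expensive to guess offline; it also refuses an emergency passphrase equal to the OP login credential, as the post requires.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Added illustration of the post's "hash(your_openid + emergency_pass)" recovery
# token. It is example code, not part of OpenID or the list post. Function and
# variable names are assumed. The plain hash is swapped for salted PBKDF2 so the
# copy held by each RP is costly to guess offline.

ITERATIONS = 100_000


def make_recovery_token(openid: str, emergency_pass: str, op_password: str,
                        salt: Optional[bytes] = None) -> Dict[str, str]:
    """Run at enrolment with the OP. The result is what the OP hands to an RP.

    Only the salt and the derived verifier leave the OP; the passphrase itself
    never does, so the RP learns it only when it has to ask at recovery time.
    """
    if emergency_pass == op_password:
        raise ValueError("emergency passphrase must differ from the OP login credential")
    if salt is None:
        salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac(
        "sha256",
        emergency_pass.encode("utf-8"),
        openid.encode("utf-8") + salt,  # bind the verifier to this identifier
        ITERATIONS,
    )
    return {"openid": openid, "salt": salt.hex(), "verifier": verifier.hex()}


# Per-RP store of recovery tokens, keyed by OpenID (constructed in memory here).
RP_STORE: Dict[str, Dict[str, str]] = {}


def rp_register(token: Dict[str, str]) -> None:
    """RP records the token the OP supplied during a normal OpenID sign-in."""
    RP_STORE[token["openid"]] = token


def rp_login_without_op(claimed_openid: str, emergency_pass: str) -> bool:
    """Fallback used only when the OP is unreachable: identifier + passphrase.

    Recomputes the verifier from the stored salt and compares in constant time.
    """
    stored = RP_STORE.get(claimed_openid)
    if stored is None:
        return False
    salt = bytes.fromhex(stored["salt"])
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        emergency_pass.encode("utf-8"),
        claimed_openid.encode("utf-8") + salt,
        ITERATIONS,
    )
    return hmac.compare_digest(candidate, bytes.fromhex(stored["verifier"]))


if __name__ == "__main__":
    # Constructed sample: enrol at the OP, hand the token to an RP, then recover.
    tok = make_recovery_token("https://alice.example.org/", "emergency words", "op-login-pw")
    rp_register(tok)
    print(rp_login_without_op("https://alice.example.org/", "emergency words"))  # True
    print(rp_login_without_op("https://alice.example.org/", "guess"))  # False
```

The RP never sees the passphrase until recovery, and a token lifted from one RP's database cannot be replayed against a different identifier because the OpenID is mixed into the salt. What the example does not solve is the post's own open question: anyone who captures the passphrase at recovery time can then impersonate the user at every RP holding a token, so the passphrase is a one-shot credential and should be rotated after use.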