[OpenID] XRD signing and a new kind of Claimed Identifier

Andrew Arnott andrewarnott at gmail.com
Fri Jun 5 03:36:54 UTC 2009


I haven't read the XRD spec draft, so I don't know how well this would fit
in, but I wonder...
Could we put a public key in an XRD file, and have the authentication
process be that the OP proves it has the private key, and then the public
key is the claimed identifier?  If we could pull this off we'd totally solve
the problem of being able to change the URI or XRI identifier while still
maintaining the user account at each RP; and similarly we could abandon a
URL without fear of someone else picking it up and stealing the old user's
identity.

Basically, have many of the same benefits of XRIs today, except without the
annual fee of owning a top-level i-name, and without being locked down to
one XRI service.  For example I have a few i-names, each with their own
i-number, but these numbers aren't really portable.  AFAIK I can't abandon
all my i-names, then acquire all new i-names with different services and
different numbers of * characters in them, and then hook up my old i-numbers
and expect it all to work.

Is this way off base, or a possibility?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
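
The proposal above, sketched from the RP's side as an added example that is not part of the original post and not taken from the XRD or OpenID specifications: the account key is derived from the public key only, so the same key published at a new URL maps to the same account, and a different key at an abandoned URL does not. The Discovered type, the "key:sha256:" identifier format, the nonce challenge and the use of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Discovered is what a hypothetical RP extracts from the XRD found at a URL.
// The field names and the choice of Ed25519 are assumptions for this sketch.
type Discovered struct {
	URL    string
	PubKey ed25519.PublicKey
}

// ClaimedID derives the stable account key from the public key alone,
// so the URL that led to the key never enters the identifier.
func ClaimedID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "key:sha256:" + hex.EncodeToString(sum[:])
}

// NewNonce returns a fresh per-login challenge issued by the RP.
func NewNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Verify checks proof of possession over the RP's nonce and returns the
// claimed identifier only if the signature matches the discovered key.
func Verify(d Discovered, nonce, sig []byte) (string, bool) {
	if len(d.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(d.PubKey, nonce, sig) {
		return "", false
	}
	return ClaimedID(d.PubKey), true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	nonce := NewNonce()
	sig := ed25519.Sign(priv, nonce)
	// Constructed sample: the same key published at an old and a new URL.
	oldID, _ := Verify(Discovered{URL: "https://old.example/", PubKey: pub}, nonce, sig)
	newID, _ := Verify(Discovered{URL: "https://new.example/", PubKey: pub}, nonce, sig)
	fmt.Println(oldID == newID) // same account at the RP after the move
}
```
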