[OpenID] Promoting delegation...

Peter Watkins peterw at tux.org
Sat Jun 19 01:01:22 UTC 2010


On Fri, Jun 18, 2010 at 11:51:16AM -0700, Chris Messina wrote:
> Turns out people aren't apparently familiar with the delegation feature of
> OpenID, given the response to my comments on This Week in Google and Gina
> Trapani's followup post:
> 
> http://smarterware.org/6286/how-to-set-up-openid-on-your-own-domain/
> 
> Turns out people seem to like this feature after all!

That's not at all what I'd consider "delegation". I opened your message
expecting to see some proposal for one identifier to delegate some kind
of authority to another identifier (e.g. a physician delegating to his
non-MD office manager authority to deal with billing systems).

(It would be nice if OpenID could solve that sort of delegation problem,
if the delegation tokens could be handled at the OP instead of multiple
disparate RP sites developing their own delegation models...)

I think this old feature of using discovery to associate URLs with
arbitrary 3rd-party OPs is probably going to become *less valuable* over
time, if only because OpenID is drifting toward 100% https operation, and
most small, personal domains will have a hard time coughing up the extra money 
for the dedicated IPv4 address that's needed to run an https site (I assume
the IETF TLS working group still hasn't made much headway in making
TLS v.Next support hostname negotiation, to say nothing of getting the 
capability deployed to a significant majority of client devices). It would
subvert the whole https model if the very first step in discovery involves
requesting a document with an http: address like http://ginatrapani.org/ .

-Peter
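
Added example, not part of Peter Watkins's message: a check of the discovery chain the last paragraph describes, reporting every hop (claimed identifier, OP endpoint, OP-local identifier) that is not https. The `rel` values are those of OpenID 2.0 and 1.1 HTML-based discovery; the helper name `audit_delegation`, the hostnames and the sample document are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel values used by OpenID 2.0 and OpenID 1.1 HTML-based discovery.
PROVIDER_RELS = {"openid2.provider", "openid.server"}
LOCAL_ID_RELS = {"openid2.local_id", "openid.delegate"}

class LinkCollector(HTMLParser):
    """Collects the first OP endpoint and OP-local identifier <link> hrefs."""
    def __init__(self):
        super().__init__()
        self.provider = None
        self.local_id = None

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        rels = set((attr.get("rel") or "").lower().split())
        href = attr.get("href")
        if href and rels & PROVIDER_RELS and self.provider is None:
            self.provider = href
        if href and rels & LOCAL_ID_RELS and self.local_id is None:
            self.local_id = href

def audit_delegation(claimed_id, html):
    """Hypothetical helper: list every hop of the discovery chain that is not https."""
    links = LinkCollector()
    links.feed(html)
    hops = [("claimed identifier", claimed_id),
            ("OP endpoint", links.provider),
            ("OP-local identifier", links.local_id)]
    findings = [f"{role} is not https: {url}"
                for role, url in hops
                if url and urlsplit(url).scheme.lower() != "https"]
    if links.provider is None:
        findings.append("no OP endpoint <link> found")
    return findings

# Constructed sample document for a personal domain that delegates to a third-party OP.
SAMPLE_HTML = """<html><head>
<link rel="openid2.provider openid.server" href="https://op.example.net/server">
<link rel="openid2.local_id openid.delegate" href="https://alice.op.example.net/">
</head><body>home page</body></html>"""

if __name__ == "__main__":
    # The http: first hop is flagged even though both delegated URLs are https.
    for claimed in ("http://example.org/", "https://example.org/"):
        print(claimed, audit_delegation(claimed, SAMPLE_HTML) or "all hops https")
```

A finding on the claimed identifier matters most: that document is what names the OP, so when it is fetched over http the https on the later hops does not protect the choice of OP.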


