[OpenID] Re: last mile politics
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Jul 8 06:00:19 UTC 2011
>Much as in the PKI era, these will not be built in the interests of
>individuals in society. Lose your access as a subscriber at an IDP
>or lose rights to a name during a pending dispute, you WILL lose
>access at your SP sites - since they are tightly bound to the OP.
>
>This is not a viable national infrastructure. It's certainly not a
>viable trans-national infrastructure.
Recent years have seen projects for UCI independence (Tor in every
router, wallplug servers every person can carry with them, p2p wifi
over low-orbit hot air balloons), words like "convergence" coming to
mind. The technologies were all there; OpenID seemed like one of
them, but active use slowly left more of an impression that it was
developing in a different direction.
The practical limits are not just Name (unique entry in namespace
governed by authoritative gatekeeper) versus Number (signed
cryptographic key/card/cert/etc), where those sites unable (or
unwilling) to make the switch toward a more secure means of
authentication must deal with 3rd parties that promise to have done
those security checks, and will translate it to a unique
corresponding entry in namespace; SP's will also have access to their
immediate networks only. (Yes, some sites can alternately be reached
through Tor/I2P addresses - but if you gave them a street address,
they would choke in puzzlement, whereas a different company on the
main internet might offer to provide a proxy service for reaching a
person at that address through snailmail, whatever.) When there *is
no* direct channel of communication between SP and IDP, they *must*
relay information to each other through trusted (by both) proxies,
possibly a chain of them. (XRI was supposed to help with this.)
Proxies seem to challenge the OpenID security model at first, but on
further reflection are probably integral to the future use-cases. I
still have doubts about using proxies within the same network (where
direct communication *can* take place), but it's likely I just don't
understand what the service is trying to offer.
-Shade