[OpenID] last mile politics
Melvin Carvalho
melvincarvalho at gmail.com
Fri Jul 8 12:22:13 UTC 2011
On 8 July 2011 08:00, SitG Admin <sysadmin at shadowsinthegarden.com> wrote:
>> Much as in the PKI era, these will not be built in the interests of
>> individuals in society. Lose your access as a subscriber at an IDP or lose
>> rights to a name during a pending dispute, you WILL lose access at your SP
>> sites - since they are tightly bound to the OP.
>>
>> This is not a viable national infrastructure. It's certainly not a viable
>> trans-national infrastructure.
>
> Recent years have seen projects for UCI independence (Tor in every router,
> wallplug servers every person can carry with them, p2p wifi over low-orbit
> hot air balloons), words like "convergence" coming to mind. The technologies
> were all there; OpenID seemed like one of them, but active use slowly left
> more of an impression that it was developing in a different direction.

Just a thought. Why not add a simple OpenID extension:

<link property="openid2.PublicKey" content="ABCD..." />

and bring OpenID into the world of PKI?

>
> The practical limits are not just Name (unique entry in namespace governed
> by authoritative gatekeeper) versus Number (signed cryptographic
> key/card/cert/etc), where those sites unable (or unwilling) to make the
> switch toward a more secure means of authentication must deal with 3rd
> parties that promise to have done those security checks, and will translate
> it to a unique corresponding entry in namespace; SPs will also have access
> to their immediate networks only. (Yes, some sites can alternately be
> reached through Tor/I2P addresses - but if you gave them a street address,
> they would choke in puzzlement, whereas a different company on the main
> internet might offer to provide a proxy service for reaching a person at
> that address through snailmail, whatever.) When there *is no* direct channel
> of communication between SP and IDP, they *must* relay information to each
> other through trusted (by both) proxies, possibly a chain of them. (XRI was
> supposed to help with this.)
>
> Proxies seem to challenge the OpenID security model at first, but on further
> reflection are probably integral to the future use-cases. I still have
> doubts about using proxies within the same network (where direct
> communication *can* take place), but it's likely I just don't understand
> what the service is trying to offer.
>
> -Shade