Where is your XRDS file? I'd like to see how this mapping works. I thought delegation rules were all about "at this OP use this identity". But it sounds like you've got "at this RP use this identity". How does that work?<br>
<br><div class="gmail_quote">On Tue, Oct 21, 2008 at 2:38 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
And this is the 100% delegation model. I have a XRDS file on the web, a 100 links to consumer apps, and there are a 100 delegations in the XRDS file. I only login to RP by noting the openid to myfile, whereupon delegation rules and bilateral discovery maps that to the OP provider the RP site is willing to use. If using PAPE extensions in the XRDS, RP might choose between two OPs based on auth policy/level advertisement.<br>
<br>
This is rather different to the properties provided by directed identity at a single OP, note. Any OP of any large size, e.g. one bound by EV rules, will be spying on me. It's irrelevant what they say do: they have to retain the data, for correlation of who is communicating with whom (a trivially easy wiretap order to obtain).<br>
<div class="Ih2E3d"><br>
-----Original Message-----<br>
From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On Behalf Of SitG Admin<br>
Sent: Tuesday, October 21, 2008 2:27 PM<br>
<br>
<br>
And let's say you're willing to give up this convenience: NOTHING is<br>
preventing you from having more than one ID! You can easily use one<br>
OpenID per site, preventing those sites from connecting your ID at<br>
one site with your ID at another site just by comparing notes.<br>
<br>
-Shade<br>
</div><div><div></div><div class="Wj3C7c">_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>