<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'>I
just reread Drummond et al’s infamous (really, well-written) paper on the
design motivations of openid auth 2.0, particularly as those motivations refer
to discovery. It’s well worth rereading, occasionally.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'><o:p> </o:p></span></p>
<p class=Default><o:p> </o:p></p>
<p class=Default align=center style='margin-bottom:3.0pt;text-align:center'> <b><span
style='font-size:18.0pt'>OpenID Identity Discovery with XRI and XRDS </span></b><span
style='font-size:18.0pt'><o:p></o:p></span></p>
<p class=Default><span style='color:windowtext'><o:p> </o:p></span></p>
<p class=Default><span style='color:windowtext'> <o:p></o:p></span></p>
<p class=Default align=center style='text-align:center'><span style='font-size:
11.5pt;color:windowtext'>Drummond Reed <o:p></o:p></span></p>
<p class=Default align=center style='margin-bottom:4.0pt;text-align:center'><span
style='font-size:10.0pt;color:windowtext'>Cordance Corp. 3020 Issaquah-Pinelake
RDF #74 Sammamish WA 98075 +1.206.618.8530 <o:p></o:p></span></p>
<p class=Default align=center style='margin-bottom:3.0pt;text-align:center'><span
style='font-size:11.5pt;color:windowtext'>drummond.reed@cordance.net <o:p></o:p></span></p>
<p class=Default align=center style='text-align:center'><span style='font-size:
11.5pt;color:windowtext'>Les Chasen <o:p></o:p></span></p>
<p class=Default align=center style='margin-bottom:4.0pt;text-align:center'><span
style='font-size:10.0pt;color:windowtext'>Neustar, Inc. 46000 Center Oak Plaza
Sterling VA 20166 +1.571.434.5474 <o:p></o:p></span></p>
<p class=Default align=center style='margin-bottom:3.0pt;text-align:center'><span
style='font-size:11.5pt;color:windowtext'>les.chasen@neustar.biz <o:p></o:p></span></p>
<p class=Default align=center style='text-align:center'><span style='font-size:
11.5pt;color:windowtext'>William Tan <o:p></o:p></span></p>
<p class=Default align=center style='margin-bottom:4.0pt;text-align:center'><span
style='font-size:10.0pt;color:windowtext'>Neustar, Inc. 46000 Center Oak Plaza
Sterling VA 20166 +1.571.434.5400 <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.5pt'><a
href="mailto:william.tan@neustar.biz">william.tan@neustar.biz</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'>On the
matter of directed id, it mentions only (almost as an afterthought) the
constraint that an OP MAY impose on the directed identities about which it
makes assertions: that when -- and if -- an OP assigns i-numbers in ITS OWN
DELEGATION space, then the persistence and security properties of XRIs
hold for the directed id flow. [PW paraphrase, hopefully accurate.] As far as my
limited abilities allow, I think that the properties hold even if the OP masks
the values to create a pairwise identity value.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'>This
is all interesting for two reasons:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'>The first
is for what it seems to say implicitly: that, during directed identity, an
OP MAY assert an i-number that (a) it has not assigned, or (b) it has assigned
from a namespace other than the delegation space of the particular OP
Identifier cited in the request. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-family:"Cambria","serif";color:black'>The second
concerns OAuth and OpenID – since they are befriending each other again.
There it is interesting to note comments about the anticipated role of localid: “</span><span
style='font-family:"Cambria","serif";color:black'>new trust models based on
existing XRDS elements such as </span><span style='font-family:"Cambria","serif";
color:black'>&lt;xrd:ProviderID&gt; </span><span style='font-family:"Cambria","serif";
color:black'>and </span><span style='font-family:"Cambria","serif";color:black'>&lt;xrd:LocalID&gt;”.
That is: localid as the “vehicle” for representing the long-lost
OpenID trust model. (I have long considered that an ideal localid would
be an encoded X.509 cert, one of whose subject names would be the HXRI or
the classical OpenID URL-like identifier.)</span><span style='font-size:9.0pt;
font-family:"Cambria","serif"'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>Peter
Williams<br>
<b>Sent:</b> Monday, November 10, 2008 7:28 AM<br>
<b>Cc:</b> OpenID List<br>
<b>Subject:</b> [LIKELY_SPAM]Re: [OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re:
Problems with delegation and directed identity OPs<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";
color:#4F81BD'>More on this topic:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";
color:#4F81BD'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN style='font-family:"Calibri","sans-serif";
color:#4F81BD'>Though in our experiments where an OpenID2 OP fronted a SAML2
sp-initiator entity requiring the IDP to use a persistent format (which
passes a SAML2 “masked identity claim” through to the OpenID RP), I
still considered the solution consistent with the definition:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN style='font-family:"Verdana","sans-serif";
color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
</div>
</body>
</html>