[Openid-specs-ab] userid/domain/server_id
Nat Sakimura
sakimura at gmail.com
Fri Jan 7 08:07:41 UTC 2011
I had a talk with JohnB. this morning.
Considering third party claims provider use case, it is handy to have a
globally unique user identifier.
There are two ways of doing it.
1. Use the complex type identifier. e.g., treat the combination of the
user_id and server_id/domain as the user identifier.
2. Pre-combine the two such as user_id at server_id OR urn:server_id/user_id
etc.
John's preference was option 2. above.
Also, we have talked a little bit over the domain transition use cases.
>From time to time, the domain get switched. e.g., facebook.com to fb.cometc.
To be insulated from it, it may be wise to use an abstract server_id instead
of the domain.
(It certainly is the case for relying parties when PPID is being used.)
Should we consider this? OR should we stick with the domain?
Note: If we are to use an abstract server_id, verification will probably
require signature verification.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110107/1794f1ba/attachment.html>
More information about the Openid-specs-ab
mailing list