XRI confusion
Dick Hardt
dick at sxip.com
Thu Oct 19 07:57:36 UTC 2006
On 19-Oct-06, at 12:44 AM, Martin Atkins wrote:
> Dick Hardt wrote:
>>
>> How would a user ever learn what their CanonicalID is?
>
> The user doesn't need to know his i-number. The system discovers that
> for him.
>
>> If their Portable Identifier (i-name) is reassigned, then they will
>> be sent to an IdP for the new Canonical ID is, expecting credentials
>> from the new owner. The user will never make it back to the RP, and
>> they will have no easy way of proving they are the owner of the
>> CanonicalID.
>
> I don't really understand this paragraph, but when the i-name is
> reassigned it'll cease to point at the same XRDS and will thus not
> point at the IdP anymore — unless the new owner also has an account
> with that IdP, of course. But they have a different i-number, so the
> IdP can distinguish them.

Bob has the i-name =foo. Alice has =foo reassigned to her. Bob does
not know this. Bob goes to an RP, enters =foo and gets sent somewhere
he cannot authenticate since =foo resolves somewhere else.

Bob does not know what to do. =foo does not resolve to his i-number
any more. How does he find out what it is so that he can get a his
i-name to point to it?

>
>> Additionally, in the proposal, the i-name is not sent from the RP to
>> the IdP, so how does the IdP know which i-name to address the user
>> as?
>
> I would hope that an IdP, given that I've already established a
> relationship with it, can find something better to address me with
> than a URI. It should be calling me "Martin".

Perhaps, although I would like my IdP to let me know which Identifier
I am going to present to the RP.

-- Dick