XRI confusion

Recordon, David drecordon at verisign.com
Thu Oct 19 11:09:24 UTC 2006


How would Alice buy =foo when Bob already owns it?

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Dick Hardt
Sent: Thursday, October 19, 2006 3:58 AM
To: Martin Atkins
Cc: specs at openid.net
Subject: Re: XRI confusion


On 19-Oct-06, at 12:44 AM, Martin Atkins wrote:

> Dick Hardt wrote:
>>
>> How would a user ever learn what their CanonicalID is?
>
> The user doesn't need to know his i-number. The system discovers that 
> for him.
>
>> If there Portable Identifier (i-name) is reassigned, then they will 
>> be sent to an IdP for the new Canonical ID is, expecting credentials 
>> from the new owner. The user will never make it back to the RP, and 
>> they will have no easy way of proving they are the owner of the 
>> CanonicalID.
>
> I don't really understand this paragraph, but when the i-name is 
> reassigned it'll cease to point at the same XRDS and will thus not 
> point at the IdP anymore - unless the new owner also has an account 
> with that IdP, of course. But they have a different i-number, so the 
> IdP can distinguish them.

Bob has the i-name =foo. Alice has =foo reassigned to her. Bob does not
know this. Bob goes to an RP, enters =foo and gets sent somewhere he
cannot authenticate since =foo resolves somewhere else.

Bob does not know what to do. =foo does not resolve to his i-number any
more. How does he find out what it is so that he can get a his i- name
to point to it?

>
>> Additionally, in the proposal, the i-name is not sent from the RP to 
>> the IdP, so how does the IdP know which i-name to address the user 
>> as?
>
> I would hope that an IdP, given that I've already established a 
> relationship with it, can find something better to address me with 
> than a URI. It should be calling me "Martin".

Perhaps, although I would like my IdP to let me know which Identifier I
am going to present to the RP.

-- Dick
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs




More information about the specs mailing list