XRI confusion

Drummond Reed drummond.reed at cordance.net
Thu Oct 19 15:12:58 UTC 2006


Exactly. An i-name being reassigned is very similar to a domain name being
reassigned -- the previous owner is going to know they no longer own it.

For example, if you register blame.ca, you're going to receive multiple
notices from your DNS registrar that you need to renew it, and if you don't,
you know it is almost certain to be reassigned. The same is true for i-name
registrants.

With regard to i-numbers, every registrant is notified of their i-number,
and their i-broker retains a record of the i-number. Because an i-number is
NEVER reassigned, if a registrant chooses not to renew an i-name, they
ALWAYS have their i-number.

Note that since the i-name and i-number are directly synonymous, i.e., the
i-number resolves the same XRDS as the i-name, if a registrant knows their
i-number, they can always use it to login at any OpenID RP at which they had
previously used any i-name synonym for that i-number.

=Drummond 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Recordon, David
Sent: Thursday, October 19, 2006 4:09 AM
To: Dick Hardt; Martin Atkins
Cc: specs at openid.net
Subject: RE: XRI confusion

How would Alice buy =foo when Bob already owns it?

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Dick Hardt
Sent: Thursday, October 19, 2006 3:58 AM
To: Martin Atkins
Cc: specs at openid.net
Subject: Re: XRI confusion


On 19-Oct-06, at 12:44 AM, Martin Atkins wrote:

> Dick Hardt wrote:
>>
>> How would a user ever learn what their CanonicalID is?
>
> The user doesn't need to know his i-number. The system discovers that 
> for him.
>
>> If their Portable Identifier (i-name) is reassigned, then they will 
>> be sent to an IdP for the new Canonical ID is, expecting credentials 
>> from the new owner. The user will never make it back to the RP, and 
>> they will have no easy way of proving they are the owner of the 
>> CanonicalID.
>
> I don't really understand this paragraph, but when the i-name is 
> reassigned it'll cease to point at the same XRDS and will thus not 
> point at the IdP anymore - unless the new owner also has an account 
> with that IdP, of course. But they have a different i-number, so the 
> IdP can distinguish them.

Bob has the i-name =foo. Alice has =foo reassigned to her. Bob does not
know this. Bob goes to an RP, enters =foo and gets sent somewhere he
cannot authenticate since =foo resolves somewhere else.

Bob does not know what to do. =foo does not resolve to his i-number any
more. How does he find out what it is so that he can get his i-name
to point to it?

>
>> Additionally, in the proposal, the i-name is not sent from the RP to 
>> the IdP, so how does the IdP know which i-name to address the user 
>> as?
>
> I would hope that an IdP, given that I've already established a 
> relationship with it, can find something better to address me with 
> than a URI. It should be calling me "Martin".

Perhaps, although I would like my IdP to let me know which Identifier I
am going to present to the RP.

-- Dick
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
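
Added example, not part of the original thread or of any OpenID/XRI code: a toy model of the reassignment case discussed above, in which an RP keys accounts on the i-number (CanonicalID) instead of the i-name. The Registry and RelyingParty classes, the authenticated_as parameter and the i-number values are assumptions constructed for illustration.

```python
class Registry:
    """Toy stand-in for XRI resolution (hypothetical, not a real resolver API)."""
    def __init__(self):
        self.iname_to_inumber = {}   # i-names can be reassigned
        self.issued = set()          # i-numbers are never reassigned

    def assign(self, iname, inumber):
        self.issued.add(inumber)
        self.iname_to_inumber[iname] = inumber

    def canonical_id(self, identifier):
        """Return the i-number an identifier currently resolves to, or None."""
        if identifier in self.issued:    # an i-number is its own synonym
            return identifier
        return self.iname_to_inumber.get(identifier)


class RelyingParty:
    """Keys accounts on the CanonicalID, never on the i-name the user typed."""
    def __init__(self, registry):
        self.registry = registry
        self.accounts = {}               # i-number -> account name

    def login(self, identifier, authenticated_as):
        """authenticated_as: i-number the IdP vouched for (assumed input)."""
        cid = self.registry.canonical_id(identifier)
        if cid is None or cid != authenticated_as:
            return None                  # identifier no longer resolves to this user
        return self.accounts.setdefault(cid, "account-for-" + cid)


def demo():
    reg = Registry()
    rp = RelyingParty(reg)
    bob, alice = "=!B0B.1111", "=!A11C.2222"    # constructed i-numbers
    reg.assign("=foo", bob)
    first = rp.login("=foo", bob)               # Bob creates his account
    reg.assign("=foo", alice)                   # =foo lapses and is reassigned
    return {
        "first": first,
        "bob_via_iname": rp.login("=foo", bob),          # rejected
        "bob_via_inumber": rp.login(bob, bob) == first,  # same account
        "alice_via_iname": rp.login("=foo", alice),      # separate account
    }


if __name__ == "__main__":
    print(demo())
```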
