XRI confusion

Dick Hardt dick at sxip.com
Thu Oct 19 16:25:36 UTC 2006


That provides clarity on the process, thanks. If the user knows that
their i-name has been changed, then when you write here:

	http://www.lifewiki.net/openid/ConsolidatedDelegationProposal

	Summary of Motivations:
	...
	4. Enable RPs to take advantage of XRI CanonicalIDs to protect End-Users
	from ever having their Portable Identifier reassigned (and thus
	their identity taken over).

... this is just in case they don't get alerted to their i-name being
changed?

btw: I have no idea what my i-numbers are, and it was not clear to me  
that I had them when I got them. I think there are some real  
usability issues here, but this is likely not the place to address  
those. :-)

-- Dick

On 19-Oct-06, at 8:12 AM, Drummond Reed wrote:

> Exactly. An i-name being reassigned is very similar to a domain name being
> reassigned -- the previous owner is going to know they no longer own it.
>
> For example, if you register blame.ca, you're going to receive multiple
> notices from your DNS registrar that you need to renew it, and if you don't,
> you know it is almost certain to be reassigned. The same is true for i-name
> registrants.
>
> With regard to i-numbers, every registrant is notified of their i-number,
> and their i-broker retains a record of the i-number. Because an i-number is
> NEVER reassigned, if a registrant chooses not to renew an i-name, they
> ALWAYS have their i-number.
>
> Note that since the i-name and i-number are directly synonymous, i.e., the
> i-number resolves the same XRDS as the i-name, if a registrant knows their
> i-number, they can always use it to login at any OpenID RP at which they had
> previously used any i-name synonym for that i-number.
>
> =Drummond
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Recordon, David
> Sent: Thursday, October 19, 2006 4:09 AM
> To: Dick Hardt; Martin Atkins
> Cc: specs at openid.net
> Subject: RE: XRI confusion
>
> How would Alice buy =foo when Bob already owns it?
>
> --David
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Dick Hardt
> Sent: Thursday, October 19, 2006 3:58 AM
> To: Martin Atkins
> Cc: specs at openid.net
> Subject: Re: XRI confusion
>
>
> On 19-Oct-06, at 12:44 AM, Martin Atkins wrote:
>
>> Dick Hardt wrote:
>>>
>>> How would a user ever learn what their CanonicalID is?
>>
>> The user doesn't need to know his i-number. The system discovers that
>> for him.
>>
>>> If their Portable Identifier (i-name) is reassigned, then they will
>>> be sent to an IdP for the new Canonical ID, expecting credentials
>>> from the new owner. The user will never make it back to the RP, and
>>> they will have no easy way of proving they are the owner of the
>>> CanonicalID.
>>
>> I don't really understand this paragraph, but when the i-name is
>> reassigned it'll cease to point at the same XRDS and will thus not
>> point at the IdP anymore - unless the new owner also has an account
>> with that IdP, of course. But they have a different i-number, so the
>> IdP can distinguish them.
>
> Bob has the i-name =foo. Alice has =foo reassigned to her. Bob does not
> know this. Bob goes to an RP, enters =foo and gets sent somewhere he
> cannot authenticate since =foo resolves somewhere else.
>
> Bob does not know what to do. =foo does not resolve to his i-number any
> more. How does he find out what it is so that he can get his i-name
> to point to it?
>
>>
>>> Additionally, in the proposal, the i-name is not sent from the RP to
>>> the IdP, so how does the IdP know which i-name to address the user
>>> as?
>>
>> I would hope that an IdP, given that I've already established a
>> relationship with it, can find something better to address me with
>> than a URI. It should be calling me "Martin".
>
> Perhaps, although I would like my IdP to let me know which Identifier I
> am going to present to the RP.
>
> -- Dick
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
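
The reassignment scenario debated in this thread (Bob's =foo is reassigned to Alice; motivation 4 of the proposal), as an added example that is not part of the original messages or of any OpenID or XRI implementation. The `Registry` and `RelyingParty` classes, the i-number values and the account numbering are constructed assumptions, and authentication at the IdP found through the resolved XRDS is assumed to have succeeded.

```python
# Constructed model: class names, i-numbers and account ids are hypothetical.
class Registry:
    """Stand-in for XRI resolution: maps an identifier to its CanonicalID."""
    def __init__(self):
        self.names = {}        # i-name -> i-number (an i-name may be reassigned)
        self.numbers = set()   # i-numbers are never reassigned

    def register(self, iname, inumber):
        self.numbers.add(inumber)
        self.names[iname] = inumber

    def resolve(self, identifier):
        # An i-number is a synonym of the i-name and resolves to itself.
        if identifier in self.numbers:
            return identifier
        return self.names[identifier]


class RelyingParty:
    def __init__(self, registry, key_on_canonical_id):
        self.registry = registry
        self.key_on_canonical_id = key_on_canonical_id
        self.accounts = {}     # account key -> local account id

    def login(self, identifier):
        """Return the local account id this identifier maps to at the RP."""
        canonical = self.registry.resolve(identifier)
        key = canonical if self.key_on_canonical_id else identifier
        if key not in self.accounts:
            self.accounts[key] = len(self.accounts) + 1
        return self.accounts[key]


def simulate(key_on_canonical_id):
    reg = Registry()
    rp = RelyingParty(reg, key_on_canonical_id)
    reg.register("=foo", "=!1111.aaaa")       # Bob registers =foo
    bob_first = rp.login("=foo")              # Bob's account is created
    reg.register("=foo", "=!2222.bbbb")       # =foo lapses and goes to Alice
    alice = rp.login("=foo")                  # Alice logs in with =foo
    bob_later = rp.login("=!1111.aaaa")       # Bob logs in with his i-number
    return bob_first, alice, bob_later


if __name__ == "__main__":
    print("keyed on CanonicalID:", simulate(True))
    print("keyed on i-name:     ", simulate(False))
```

Keyed on the CanonicalID, Alice gets a fresh account and Bob's i-number still reaches his original one; keyed on the i-name, Alice lands in Bob's account and Bob's i-number reaches a new, empty one.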