Do We Agree on the Problem We're Trying to Solve?

David Fuelling sappenin at gmail.com
Fri Jun 8 22:16:02 UTC 2007 

Wrt to the problems we're trying to solve, I think that we should define a
(C) (which is similar to (A), yet instigated by the user and doesn't trigger
an RP recycle) and a (D).

In summary:

A) Identifier recycling normally in large user-base deployments.   i.e.
<insert big company> needs a way to give 'TheBestUsernameEver' to a new
user if it has not been used in some period of time.

B) Losing control of your own domain name whether that be via someone
stealing it or just that you don't want to have to pay for it forever.

C) If I change my OP (i.e., I start using an OpenId with a different URL), I
should still be able to use all of my existing RP accounts with my new OP,
and prevent my old OP from making assertions for me moving forward.

D) Publicly displayed OpenID's should be distinguishable from one owner to
the next.

IMHO, Canonical ID's seem to solve (A), (B - to some degree - the canonical
URL might get lost, but this could be mitigated), and (C), whereas Fragments
solve (A) and (D), so why not use both?  Plus, (B) can be solved via AX
using private tokens that only an OP, the User, and an RP know (see my
previous post, but make the tokens private).

Side Note: Can't an OP use canonical URL ID's today without adjusting the
current 2.0 spec?  It seems like the proposal is just a Yadis adjustment.

David

On 6/8/07, Recordon, David <drecordon at verisign.com> wrote:
>
> I'm not sure if we all think we're trying to solve the same problem.
> The two problems that have been discussed are:
> A) Identifier recycling normally in large user-base deployments.  i.e.
> <insert big company> needs a way to give 'TheBestUsernameEver' to a new
> user if it has not been used in some period of time.
> B) Losing control of your own domain name whether that be via someone
> stealing it or just that you don't want to have to pay for it forever.
>
> Have we made a decision as to if we're looking for a solution to solve
> both of these problems, only A, or only B?
>
> --David
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070608/b11c2c7f/attachment-0002.htm>

More information about the specs mailing list