<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Drummond Reed wrote:
<blockquote cite="mid0aba01c6f869$a9e66120$0d28a8c0@ELROND" type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Josh Hoyt wrote:
If the user uses different IdP-specific identifiers for each portable
identifier, I don't see how they can be correlated.
</pre>
</blockquote>
<pre wrap="">Pete Rowley wrote:
Unless I misunderstand the OpenID discovery mechanism - at the
point of discovery, which can be done out of band in a spider like web
harvesting fashion. Any one discovery point contains your identity map.
</pre>
</blockquote>
<pre wrap="">
What Josh is describing here is actually an implementation of your
suggestion, Pete, that the IdP could support the non-correlation of portable
OpenID identifiers. Here's how it works:
* For each portable-identifier, you (or your identifier registrar) publish
a *separate* XRDS document with a separate IdP-specific identifier. None of
these XRDS documents references any of the others.
* Now there is no way for a bot to discover a correlation between these
portable identifiers (or their paired IdP-specific identifiers), other than
they are all authenticated by the same IdP (the non-correlatability of which
depends on the number of customers/identifiers served by that IdP).
</pre>
</blockquote>
Yep. IdP-hosted portable identifiers avoid correlation.<br>
<br>
However, I thought that was _not_ the original suggestion. Did we come
full circle? :)<br>
<br>
Drummond Reed wrote:
<br>
> 3) Allowing the user to control Claimed<br>
> ... &lt;snip&gt;<br>
> With Claimed Identifier-to-IdP-Specific-Identifier mapping, the user controls<br>
> which Claimed Identifier maps to which IdP-Specific-Identifier, and <b>is NOT<br>
> dependent on the IdP for this mapping</b> (which means it is entirely portable).<br>
<br>
<pre class="moz-signature" cols="72">--
Pete
</pre>
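An added example, not part of the original message or of any OpenID implementation: a small audit of the "separate XRDS document per portable identifier" scheme quoted above, checking that no two documents share an IdP-specific identifier or name each other. The XRD namespace and the LocalID element follow XRDS/OpenID 2.0 as later published and are an assumption relative to this draft-era thread; all hostnames and identifiers are constructed.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

XRD_NS = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace (assumed, see lead-in)

def xrds(local_id):
    # Build a constructed XRDS document carrying one IdP-specific identifier.
    return f"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service>
    <Type>http://specs.openid.net/auth/2.0/signon</Type>
    <URI>https://idp.example/endpoint</URI>
    <LocalID>{local_id}</LocalID>
  </Service></XRD>
</xrds:XRDS>"""

# Constructed sample: portable identifier -> the XRDS document published for it.
DOCS = {
    "https://work.example/alice": xrds("https://idp.example/u/7f3a"),
    "https://blog.example/al": xrds("https://idp.example/u/c91e"),
}

def local_ids(xml_text):
    # Audits documents you publish yourself; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    return {e.text.strip() for e in root.iter(XRD_NS + "LocalID") if e.text}

def correlation_findings(docs):
    """Return (identifier, identifier, reason) for each link a crawler could draw."""
    findings = []
    ids = {claimed: local_ids(text) for claimed, text in docs.items()}
    for a, b in combinations(sorted(docs), 2):
        shared = ids[a] & ids[b]
        if shared:
            findings.append((a, b, "shared IdP-specific identifier: " + ", ".join(sorted(shared))))
        # Crude substring test: flags any mention of the other identifier.
        for x, y in ((a, b), (b, a)):
            if y in docs[x]:
                findings.append((x, y, "XRDS document names the other portable identifier"))
    return findings
```

The shared endpoint URI is deliberately not reported: as the quoted message notes, a common IdP remains visible, and how much that reveals depends on how many identifiers the IdP serves.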
</body>
</html>