The fourth player

Brad Fitzpatrick brad at danga.com
Tue Jun 28 09:29:47 PDT 2005


Preaching to the choir, mate.  :-)

Or do you propose some new wording for the openid website to warn people
of this?  It seems most people with domains have already done the delegate
thing, judging by the dozens of comments I've gotten using OpenID.


On Tue, 28 Jun 2005, Martin Atkins wrote:

> We've got a system now which allows many people to authenticate to many
> sites using one of many identity servers. The user is free to switch
> identity servers at will through the delegate mechanism.
>
> There is one player we've not been considering, though. Let's call them
> the "identity provider". The identity provider is the ultimate
> controller of the identity URL. In the case of bradfitz.com, the
> identity provider is Brad himself because it's his domain and his
> server. However, in the case of frank.livejournal.com, the identity
> provider is LiveJournal. By using frank.livejournal.com as your
> identity, you are (assuming you want to keep using that identity
> forever) tied to LiveJournal. If LiveJournal goes away, your identity
> goes with it. If LiveJournal starts operating in a way that you find
> distasteful, you are locked in.
>
> This is just the result of using URLs. It's not necessarily a problem.
> It just means that one must pick one's identity URLs wisely. If you
> intend your identity URL to last forever, make sure it's in a domain
> completely under your own control. If you're just a LiveJournal user
> leaving a comment for a friend on DeadJournal, a livejournal.com
> identity will do you just fine; if LiveJournal goes away, you'll just
> get yourself an account at GreatestJournal.
>
> So I'm not really pushing for a solution, I just think it's worth
> bearing this in mind. It's still decentralized: you can pick whatever
> identity provider you like. The solution is to plan ahead and pick an
> identity provider you can trust. If you want to be really sure, you can
> pick yourself. All you have to do is get a domain; the delegation
> mechanism ensures that you can switch between ID servers at will
> regardless of what your main identity is.
>
>


More information about the yadis mailing list