Browser Login Plugin
Ben Nolan
bnolan at gmail.com
Thu May 19 16:21:00 PDT 2005
(I'm ashamed of my url to private key idea) ;)
If consumers had private keys (which would suck as a requirement... too
> much pain), then what do they get from signing a trackback? What does,
> say, LiveJournal benefit from getting a trackback that's singed from
> someblog.com <http://someblog.com>? That we know it came from someblog and
> can trust it? We
> can't trust the contents... so that the origin is correct? I'm not
> bashing this idea... I just don't fully understand what's being
> verified/protected.
>
We're verifying that the comment came from someblog. And we trust someblog
to *some extent* (because we shared our identity with it) - so we'll trust
it enough to post a trackback to a comment we made. The purpose of this is
that we can recieve notification of comments that we post in the
'blogosphere', so that I an keep a track of comments I make.
The consumer could also use their public key to sign any posts they send to
my weblog, so my identity server could tell my wordpress install to trust
someblog - then if our atom api recieves a request with the querystring
params openid.trust_root=http://someblog/&openid.sig=... it'd know to accept
that post.
It just seems a simple way to let consumers identify themselves to services
other than the identity server.
And the public key would be *totally* optional for consumers, but if we add
a recommendation that ID servers record the URLs to consumers public keys,
it gives us lots of flexibility with no additional work for consumers, and
minimal extra work for ID servers.
Hope that makes more sense this time.
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20050520/4db675b1/attachment.htm
More information about the yadis
mailing list