Blog URI, is it necessary?

ydnar ydnar at shaderlab.com
Fri May 20 09:01:14 PDT 2005 

An OpenID server is vouching for the person using the browser, asserting 
they own/control the input URL.

Alice needs to provide a unique URL that she has implied control over. 
This keeps a 1:1 mapping between a URL and a "user." LiveJournal can't 
go around asserting http://livejournal.com for everyone.

However, this is not to say, a site (Craigslist for instance) can't 
piggyback OpenID on top of its anonymizing code and provide its users 
with an anonymous URL that can be asserted without tying it to an 
individual user:

http://anon-5812930492.craigslist.org

y



Ben Hyde wrote:

> Interesting work going on here!
>
> I don't pretend to understand the design entirely at this point.  You 
> can tell I don't because the blog posting[1] I wrote last night 
> suffers from a bit of deep confusion.
>
> I skimmed the "how it works" page and over generalized.  The how it 
> works page shows the user being prompted for the the URL of his blog.  
> I projected my own assumptions of how to do this and assumed that the 
> user was being prompted for the URL of what I call a "vouching server" 
> in the posting.
>
> Why is it better to ask the user to reveal his blog's URL?   When he 
> reveals that he is revealing quite a lot of information about 
> himself.  If you ask him instead to reveal only the name of a site 
> that can vouch/introduce/ID him then you minimize how much he is 
> forced to reveal himself to the site he's visiting.
>
> In my naiveté it appears that this change is very low impact.
>
> In my confused blog posting I suggest there are these players in the 
> senario.
>   - the anonymous visitor
>   - the suspicious site (which would like to get a better handle on 
> this anonymous visitor)
>   - the vouching site (which is willing to help the anon-visitor and 
> the suspicious-site work thru this problem)
>
> Call these Alice, Steve, and Victor respectively.
>
> If Alice enter's  horde-of-bloggers.com (a blogging mega-site) rather 
> than innocent-child.horde-of-bloggers.com (her blog of embarrassing 
> poetry) it appears that the Steve can still work with Victor and Alice 
> to get the tiny minimal bit of handle that Steve needs to feel more 
> comfortable about Alice.
>
> So, my question:  Is it really necessary to insist that Alice reveal 
> to Steve her blog?  Isn't it sufficent and better to just ask Alice to 
> suggest a Victor who can vouch for her?   What would this change break?
>
>   - ben
>
> [1] http://enthusiasm.cozy.org/archives/2005/05/openid/
>
> ----
> http://enthusiasm.cozy.org   http://gibbon.cozy.org   tel:+1-781-240-2221
>  I forecast sunny weather!
>
> _______________________________________________
> yadis mailing list
> yadis at lists.danga.com
> http://lists.danga.com/mailman/listinfo/yadis
>

More information about the yadis mailing list