Dealing with renames

Ask Bjørn Hansen ask at develooper.com
Sun May 29 16:34:18 PDT 2005


On May 29, 2005, at 4:27 AM, Karl Koscher wrote:

[...]
> So, is there a good solution to this? Should we even worry about  
> it? One thing I was thinking of is having the identity server  
> return some unique ID that always maps to that particular user on  
> that identity server. The unique ID doesn't have to mean anything  
> to anyone except the identity server.

The ID server shouldn't do that. http://domain/someguy/ and
http://domain/anotherguy/ might be different "personas" for me, even if I'm
the same user on the ID server.

Also, I'm still http://domain/someguy/ even if I change from using LJ  
as my ID server to using http://www.openlogin.net/; so that should be  
supported.


One possible solution (quickly getting into More Complicated Than We  
Want Territory) could be something along these lines:

You put a root type certificate and a revocation list on your site  
and then give the ID server a certificate it can sign the request  
with on your behalf.

The private key to the root certificate is on your local computer and  
the consumer can then use the fingerprint from the root certificate  
on your site for your user-id.


  - ask

-- 
http://www.askbjoernhansen.com/
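
The consumer-side check sketched in the message above, as an added example that is not part of the original post or of any Yadis code. Assumptions: raw Ed25519 keys stand in for the certificates, the fingerprint is SHA-256 of the root public key, the revocation list is a set of delegate-key fingerprints, and the names Site, Assertion, Fingerprint and UserID are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type Site struct { // what the user publishes at their own URL (constructed layout)
	RootPub ed25519.PublicKey // stands in for the root certificate
	Revoked map[string]bool   // revocation list: fingerprints of withdrawn delegate keys
}

type Assertion struct { // what an ID server hands to the consumer
	URL              string
	DelegatePub      ed25519.PublicKey // key the user gave this ID server
	DelegateSig, Sig []byte            // root's signature over DelegatePub; delegate's over URL
}

func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// UserID is the consumer side: verify the chain, then return the root fingerprint.
func UserID(s Site, a Assertion) (string, error) {
	if len(s.RootPub) != ed25519.PublicKeySize || len(a.DelegatePub) != ed25519.PublicKeySize {
		return "", fmt.Errorf("malformed key") // ed25519.Verify panics on bad key sizes
	}
	if !ed25519.Verify(s.RootPub, a.DelegatePub, a.DelegateSig) {
		return "", fmt.Errorf("delegate key not signed by site root")
	}
	if s.Revoked[Fingerprint(a.DelegatePub)] {
		return "", fmt.Errorf("delegate key revoked")
	}
	if !ed25519.Verify(a.DelegatePub, []byte(a.URL), a.Sig) {
		return "", fmt.Errorf("assertion not signed by delegate key")
	}
	return Fingerprint(s.RootPub), nil
}

func main() {
	rootPub, root, _ := ed25519.GenerateKey(nil) // root private key stays on the user's machine
	dpub, dpriv, _ := ed25519.GenerateKey(nil)   // key pair handed to the ID server
	url := "http://domain/someguy/"
	a := Assertion{url, dpub, ed25519.Sign(root, dpub), ed25519.Sign(dpriv, []byte(url))}
	fmt.Println(UserID(Site{rootPub, map[string]bool{}}, a))
}
```

The signed message here is only the URL; a real assertion would also bind a nonce and the consumer so it cannot be replayed.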
