Dealing with renames

Ben Hyde bhyde at pobox.com
Mon May 30 11:09:04 PDT 2005


I think the assertion returned by the ID server needs to change.

Let's say that we have the open ID martha.example.com; it's owned 
first by Alice, and then later by Zeno. Assume that the same ID 
server, Victor, is involved in both time periods. Assume that the same 
client server, Sam, asks about it in both time periods.

Currently the assertion that Victor provides to Sam is identical 
(excepting the time stamp) even though Victor knows that Alice isn't 
Zeno.

That is bogus.

The fix is easy, but it requires adding something to the assertion.

Have Victor add something that changes when the owner changes.

The added field is based on Victor's knowledge of Alice (or Zeno). 
But it should reveal almost nothing about them to Sam. So it might be 
something like SHA1("Sam", "Alice", "victor_private_salt"). This 
value is an opaque identifier for Alice that can only be dereferenced 
back to Alice by Victor. Call this the opaque_id.

Meanwhile the spec needs to be clear that assertions from two different 
ID servers (i.e. Victor-1 and Victor-2) about the same ID are entirely 
independent. If ID clients of the assertions are careful about that, 
and pay attention to the opaque_id they get back, then they can avoid 
assuming that Alice is Zeno.

   - ben
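The mechanism Ben sketches, as an added example that is not part of the original post or of any yadis implementation: an ID server that derives a per-client opaque id with a keyed hash, and a client that remembers the opaque id per (ID server, identifier) pair so it can tell a change of owner from a stable one, and judges assertions from a second ID server independently. HMAC-SHA256 keyed with the server's private salt is swapped in for the SHA1-of-concatenation sketched above, because a keyed hash is what stops Sam from guessing owner names offline; the length-prefixing of fields is likewise my choice. The names Victor, Sam, Alice, Zeno and martha.example.com come from the post; the salts, the `IDServer`/`ClientServer` classes and the `run_scenario` walkthrough are assumptions constructed for illustration.

```python
import hashlib
import hmac


def opaque_id(server_salt: bytes, client: str, owner: str) -> str:
    """Opaque identifier for `owner` as seen by `client`.

    Keyed with the ID server's private salt, so the client cannot
    brute-force owner names, and bound to the client name, so two
    clients cannot compare ids to learn they talk to the same owner.
    Fields are length-prefixed so ("Sa","mAlice") != ("Sam","Alice").
    """
    def field(s: str) -> bytes:
        b = s.encode("utf-8")
        return len(b).to_bytes(4, "big") + b

    return hmac.new(server_salt, field(client) + field(owner),
                    hashlib.sha256).hexdigest()


class IDServer:
    """Victor (assumed shape): knows who owns each identifier, issues assertions."""

    def __init__(self, name: str, private_salt: bytes) -> None:
        self.name = name
        self.private_salt = private_salt
        self.owners: dict[str, str] = {}

    def set_owner(self, identifier: str, owner: str) -> None:
        self.owners[identifier] = owner

    def assert_identity(self, identifier: str, client: str) -> dict:
        # The assertion carries the opaque id; the owner's name never leaves Victor.
        owner = self.owners[identifier]
        return {
            "id_server": self.name,
            "identifier": identifier,
            "opaque_id": opaque_id(self.private_salt, client, owner),
        }


class ClientServer:
    """Sam (assumed shape): remembers the opaque id per (ID server, identifier)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.seen: dict[tuple[str, str], str] = {}

    def accept(self, assertion: dict) -> str:
        # Assertions from different ID servers about the same identifier are
        # independent, so the ID server's name is part of the lookup key.
        key = (assertion["id_server"], assertion["identifier"])
        previous = self.seen.get(key)
        self.seen[key] = assertion["opaque_id"]
        if previous is None:
            return "new"
        if previous == assertion["opaque_id"]:
            return "same_owner"
        return "owner_changed"


def run_scenario() -> list[str]:
    """Constructed walkthrough of the post: Alice owns martha.example.com, then Zeno."""
    victor = IDServer("victor", b"victor_private_salt-constructed-example")
    victor2 = IDServer("victor-2", b"second-server-constructed-salt")
    sam = ClientServer("Sam")
    ident = "martha.example.com"

    victor.set_owner(ident, "Alice")
    victor2.set_owner(ident, "Alice")
    results = [
        sam.accept(victor.assert_identity(ident, sam.name)),  # first sighting
        sam.accept(victor.assert_identity(ident, sam.name)),  # still Alice
    ]
    victor.set_owner(ident, "Zeno")                           # the rename
    results.append(sam.accept(victor.assert_identity(ident, sam.name)))
    # Victor-2's assertion about the same ID is judged on its own, not against Victor's.
    results.append(sam.accept(victor2.assert_identity(ident, sam.name)))
    return results


if __name__ == "__main__":
    print(run_scenario())  # ['new', 'same_owner', 'owner_changed', 'new']
```

Two properties are worth checking by hand against the post's requirements: the same owner behind the same ID yields the same opaque_id to Sam across visits, and a different client (say Pat) gets an unrelated value for the same owner, so Sam and Pat cannot pool their opaque ids to learn that Alice is behind both. Only Victor, holding the salt, can map an opaque_id back to Alice.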


