Dealing with renames
bhyde at pobox.com
Mon May 30 11:09:04 PDT 2005
I think the assertion returned by the ID server needs to change.
Let's say that we have the open ID martha.example.com, it's owned
first by Alice, and then later by Zeno. Assume that the same ID
server, Victor, is involved in both time periods. Assume that the same
client server, Sam, asks about it in both time periods.
Currently the assertion that Victor provides to Sam is identical
(excepting the time stamp) even though Victor knows that Alice isn't
That is bogus.
The fix is easy, but it requires adding something to the assertion.
Have Victor add something that changes when the owner changes.
The added field is based on Victor's knowledge of Alice (or Zeno).
But it should reveal almost nothing about them to Sam. So it might be
something like SHA1("Sam", "Alice", "victor_private_salt"). This
value is an opaque identifier for Alice that can only be dereferenced
back to Alice by Victor. Call this the opaque_id.
Meanwhile the spec needs to be clear that assertions from two different
ID servers (i.e. Victor-1 and Victor-2) about the
same ID are entirely independent. ID clients of the assertions are
careful about that, and pay attention to the opaque id they get back,
then they can avoid assuming that Alice is Zeno.
More information about the yadis