Dealing with renames
kris at bbridgetech.com
Mon May 30 12:14:19 PDT 2005
On 2005/05/30, at 11:09 AM, Ben Hyde wrote:
> That is bogus.
> The fix is easy, but it requires adding something to the assertion.
> Have Victor add something that changes when the owner changes.
On 2005/05/29, at 2:36 PM, Kristopher Tate wrote:
> [...] For OpenID, perhaps the server should create a sha1 hash of a
> unique id + fqdn, and then give it to the consumer for verification.
This is really simple, folks. On any SQL setup, you're bound to save
each record-set with an ID, right?
So, couple that with the fully qualified domain name
(example.[com|net|org]) add it to the assertion, and return it just the
same with all the other arguments.
Consumers now reference the hash, instead of the ID-URL. Remember, the
ID-URL is for the user.
The plus side to this is that there really is no restriction on the
Server's DB setup. As long as the Server can generate a unique ID, the
process in doing that doesn't matter -- just the hash does.
Here's an example of how this would work:
On our user framework, everyone has Unique ID. This ID is nothing more
than an integer.
When a user calls to our auth server from an OpenID form, it does its
magic. Upon success, it would return the following assertion:
> [return_to]::[SHA1(unique_id + '::' + server_fqdn)]")))
In my case, the sha1 hash would look like: sha1("1::mylevel9.com") or
Then, the server would return an argument back to the consumer with
The consumer would store that, and reference it for later use. If
sometime in the future, the user deletes their account, and someone
else obtains the same username, the ID would change and the consumer
would simply discard all of the other information held under the
previous openid.uid for the asserted ID-URL.
This way, we truly know that this is the one and only user, for as long
as that user also has the same openid.uid hash.
Honestly, I don't think this is such a hard thing to implement -- heh,
but I will say that getting DSS1 to work on PHP was. :-)
More information about the yadis