OpenID-style Group Proposal

Lukas Rosenstock inbox at lukasrosenstock.net
Sun Jul 30 19:31:33 UTC 2006


Hm, good idea!

> The GroupID concept would be that a site supporting OpenID could extend
> it by publishing a URL as a GroupID url.  So, they could publish a URL
> (e.g. http;//en.wikipedia.org/groupid/sysops ) which they say "we will
> verify your assertion that your OpenID is a member of the group
> identified at that URL".

I'd suggest using that the GroupID in fact is an RDF file with FOAF  
elements because there a data format for describing a group of people  
already exists.
Your scenario would work: After

> What would happen under the hood would be a handshake very similar to
> the OpenID handshake.  A normal OpenID handshake would happen first
> against http://robla.net.  Then, the assertion would be checked against
> the GroupID.  The GroupID server would also be an OpenID consumer,
> authenticating http://robla.net before validating the assertion that
> user http://robla.net is a member of
> http://en.wikipedia.org/groupid/sysops .  An OpenID handshake between
> the consumers would probably be necessary.

Simply load the RDF from the group file URL, check if there's a  
foaf:homepage tag with rdf:resource pointing to the user ID.
Cool thing about this: Even users with limited web server possibilities  
(e.g. only static pages) can describe groups which can be used for  
multiple purposes where your concept is only one of many.

Lukas


More information about the yadis mailing list