Dynamic Delegate Identity?
Dick Hardt
dick at sxip.com
Wed Sep 6 08:18:58 UTC 2006
On 2-Sep-06, at 7:24 AM, Ben Hyde wrote:
> How dynamic should the delegate identity be?
>
> My concern, as usual in this context, is reducing the chance that
> account data is linked due to casual design decisions.
>
> Right now the delegate identity URL given in all the examples is
> not obfuscated. But I think it should be maximally opaque.
>
> Rather than provide an openid.delegate of, say, http://
> wikitravel.org/en/User:Downtown on my open id url page www.cozy.org/
> chum wouldn't it be preferable if I provided http://wikitravel.org/
> en/OpaqueUser:13452342152?
yes, and likely will be what you do
>
> How much should openid.delegate vary?
>
> 1. Should it be obfuscated?
> 2. Should/can it be different on www.cozy.org/chum v.s.
> www.cozy.org/bait ?
> 3. Should/can/may it be different depending on who fetched
> www.cozy.org/chum ?
> 4. Should/can/may it be different over time www.cozy.org/chum ?
>
> The more the better as far as I'm concerned. I think the spec
> should be firm in requiring or at least advising many of these.
Although useful suggestions, I don't think they belong in the spec.
Depending on what you want to accomplish with delegation, these
suggestions are not relevant.
>
> - ben
>
> ps. I'm a bit unclear on why openid.delegate is required.
separate identifier ownership from identity services
More information about the yadis
mailing list