Why URL?

Zefiro work at zefiro.de
Wed Aug 17 09:58:49 PDT 2005

Hi, Brad

> But let's have a race:
quite unfair race, with you having 8 million identities backing OpenID ;)

Though as far as I understood the system, he would use a very similar system, letting the user enter an URI which can have all
the possible additional information and data. One of them would be the PGP public key. So now instead of having the URI as the
identity, he would use it merely as a pointer to this PGP file, which would be the identitiy - so keeping the same identity when
being forced to change the URI.

This system does have the advantage of taking an identity with you if you loose control over your URI. On the other hand,
displaying of the identity was an important aspect. We spoke about this when I mentioned different ways of displaying the user
instead of showing this URI and it was no question that the URI as the real identity would always be easily visible. So with a
PGP public key you surely wouldn't want to do this. (at least without client side automatic checking programs)

I personally think the URI is good enough, much simpler, and you could loose any other information as well - your email address,
your PGP private key, your password to your local computer getting hacked, etc - so the loss of the URI doesn't look that
dramatic in comparison.

Of course a PGP based approach could be installed additionally on a higher level, though then it wouldn't be the identitiy, just
backing it.


More information about the yadis mailing list