The fourth player

Martin Atkins mart at degeneration.co.uk
Tue Jun 28 08:32:50 PDT 2005


We've got a system now which allows many people to authenticate to many
sites using one of many identity servers. The user is free to switch
identity servers at will through the delegate mechanism.

There is one player we've not been considering, though. Let's call them
the "identity provider". The identity provider is the ultimate
controller of the identity URL. In the case of bradfitz.com, the
identity provider is Brad himself because it's his domain and his
server. However, in the case of frank.livejournal.com, the identity
provider is LiveJournal. By using frank.livejournal.com as your
identity, you are (assuming you want to keep using that identity
forever) tied to LiveJournal. If LiveJournal goes away, your identity
goes with it. If LiveJournal starts operating in a way that you find
distasteful, you are locked in.

This is just the result of using URLs. It's not necessarily a problem.
It just means that one must pick one's identity URLs wisely. If you
intend your identity URL to last forever, make sure it's in a domain
completely under your own control. If you're just a LiveJournal user
leaving a comment for a friend on DeadJournal, a livejournal.com
identity will do you just fine; if LiveJournal goes away, you'll just
get yourself an account at GreatestJournal.

So I'm not really pushing for a solution, I just think it's worth
bearing this in mind. It's still decentralized: you can pick whatever
identity provider you like. The solution is to plan ahead and pick an
identity provider you can trust. If you want to be really sure, you can
pick yourself. All you have to do is get a domain; the delegation
mechanism ensures that you can switch between ID servers at will
regardless of what your main identity is.
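The delegation mechanism the post relies on, shown as an added example that is not part of the original message or of any Yadis/OpenID library: the identity URL (here the constructed `https://alice.example/`) serves a page whose `openid.server` and `openid.delegate` links point at whatever identity server its owner currently uses, so switching servers means editing two links on a domain she controls, while the identity URL a consumer stores never changes. The host names and the small head-scanning parser are assumptions made for the demonstration.

```python
from html.parser import HTMLParser

# Hypothetical hosts, constructed for this example.
IDENTITY_URL = "https://alice.example/"          # a domain the user controls
SERVER_A = "https://idserver-a.example/openid"   # identity server she uses first
SERVER_B = "https://idserver-b.example/openid"   # the one she later switches to


def identity_page(server, delegate=None):
    """Build the HTML a user would serve at her identity URL (constructed sample)."""
    links = [f'<link rel="openid.server" href="{server}">']
    if delegate:
        # openid.delegate: the name this user is known by *at that server*
        links.append(f'<link rel="openid.delegate" href="{delegate}">')
    return ("<html><head><title>alice</title>\n"
            + "\n".join(links)
            + "\n</head><body>hi</body></html>")


class _LinkCollector(HTMLParser):
    """Collect the first openid.server / openid.delegate <link> in the HEAD."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self.in_head = True

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.in_head = False      # only the HEAD section is consulted
        if tag != "link" or not self.in_head:
            return
        a = dict(attrs)
        rel, href = (a.get("rel") or "").lower(), a.get("href")
        if rel in ("openid.server", "openid.delegate") and href and rel not in self.links:
            self.links[rel] = href    # first occurrence wins


def discover(identity_url, html):
    """Return (server to talk to, identity to present to it) for a claimed URL.

    Without an openid.delegate link the claimed identity URL itself is what
    the server is asked about; with one, the delegate is sent instead, and the
    consumer still records only identity_url as the user's identity.
    """
    c = _LinkCollector()
    c.feed(html)
    server = c.links.get("openid.server")
    if server is None:
        raise ValueError("identity page carries no openid.server link")
    return server, c.links.get("openid.delegate", identity_url)


if __name__ == "__main__":
    # Same identity URL, two different servers over time: only the page changes.
    print(discover(IDENTITY_URL, identity_page(SERVER_A, "https://idserver-a.example/u/alice")))
    print(discover(IDENTITY_URL, identity_page(SERVER_B, "https://idserver-b.example/people/alice")))
```

The lock-in point of the post falls out of this directly: if the identity URL were `frank.livejournal.com`, the party able to edit those two links (and to keep the host answering at all) is LiveJournal, not Frank.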



More information about the yadis mailing list