URL relationship permanence
Xageroth Sekarius
xageroth at gmail.com
Thu Jun 30 13:13:30 PDT 2005
On 6/30/05, Benjamin Yu <benjaminlyu at yahoo.com> wrote:
> I would also add that the above is outside of the scope of what OpenID really
> is meant to address. The above is Identity Management, OpenID is about
> Authentication.
>
> -Ben
This is basically my confusion. What exactly is being authenticated?
What exactly is a relationship being built upon since the thing that
is being authenticated is not the user?
OpenID claims:
"All OpenID does is provide a way to prove that you own a URL (identity)."
Really, that's misleading. OpenID does not prove I have ownership it
can only prove I had authority at least one point in time to modify
data at a URL for making assertions. Proving that I own a URL would
require at least: The URL in question, whether or not I can modify
data to it, whether or not anyone else can modify data to it, and the
context of authority under which that modification occured. LID gets
around this problem by being the server as well and therefore the
assertions from the URL endpoint and assertions by the server are the
same.
Examples of context: Bulletin board post. Slashdot-style news page or
contributors-welcome article site. Web designs created by non-owners
then given to owners.
More information about the yadis
mailing list