URL relationship permanence

VampWillow tech at vampwillow.com
Thu Jun 30 14:48:49 PDT 2005

> Really, that's misleading. OpenID does not prove I have ownership it
> can only prove I had authority at least one point in time to modify
> data at a URL for making assertions.

OpenID shows you are that URL at the point you say you are that URL. No
more, no less. Taking the LJ implementation as an example, you are asked
whether you want to authorise the relationship "just this time" or
"permanently", and I would argue only the first of these is a reasonable
use of OpenID (for some of your reasons, but also for others). There is
clearly an issue though with what servers might presume from being given
someone's OpenID URL but that isn't *neccessarily* OpenID's problem ...

> LID gets
> around this problem by being the server as well and therefore the
> assertions from the URL endpoint and assertions by the server are the
> same.

The point of OpenID though is to remove that SPF. LID appears to be, in
part, solving a different problem ...


More information about the yadis mailing list