glyph at divmod.com
Tue May 17 11:01:17 PDT 2005

On Tue, 17 May 2005 12:03:17 -0400, Christopher Schmidt <crschmidt at crschmidt.net> wrote:

>The HTTP URI that is in use is what stores the location of the identity
>server. How do you do an email address->identity server lookup?

As in email, "alice at example.com" means "My name is alice, and my communication is handled through example.com".  example.com is the DNS name we'd use to connect.  The domain is also an entity with a certificate - if the user has an SSL certificate signed by that domain, it isn't necessary to further verify them by doing a call-back connection.  My hope is that this will allow the protocol to scale even better.

In fact, in the q2q web authorization protocol, you don't have to tell the host that you're talking to who you are - your authorization server does that.  I guess the common terminology for this stuff is that you show up at a "member site", which you give a domain name or q2q id to, which redirects you to your "home site", where you exchange credentials - and then the "home site" tells the "member site" who you are.

The goal of that is to provide some level of anonymity but to also provide accountability.  The site providing your anonymous identifier is still identifiable and still accountable.  After all, while there are certainly places, like political forums, where some degree of anonymity can protect people, total anonymity... well, Penny Arcade has something to say about that.  http://www.penny-arcade.com/view.php3?date=2004-03-19&res=l
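The member-site / home-site flow described in the message above, as an added illustration that is not part of the original post and is not q2q's actual protocol or wire format: parse the "alice at example.com" identifier, have the member site redirect to the home site named by the domain, have the home site check the user's credentials, and have the home site hand back a signed assertion that the member site verifies without a call-back connection. A pre-shared HMAC key per home/member pair stands in for the domain-signed certificate the message mentions, the home site returns an opaque per-member pseudonym rather than the local part (the "some anonymity, but an accountable domain" point), and the names example.com, forum.example.net, alice and the URL paths are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit


def parse_identifier(ident: str) -> tuple:
    """Split "alice at example.com" (or alice@example.com) into (name, domain).

    The domain is the host the member site looks up and redirects to; in this
    sketch the local part is never sent to the member site at all.
    """
    ident = ident.strip().replace(" at ", "@")
    if ident.count("@") != 1:
        raise ValueError("not a user@domain identifier: %r" % ident)
    name, domain = ident.split("@")
    if not name or not domain:
        raise ValueError("empty user or domain in %r" % ident)
    return name, domain.lower()


def query_of(url: str) -> dict:
    """First value of every query parameter in a URL."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def sign(key: bytes, fields: dict) -> str:
    """HMAC over the sorted, URL-encoded assertion fields (minus "sig").

    The member site recomputes this instead of opening a call-back connection
    to the home site.  Assumption: a shared key stands in for the certificate.
    """
    canonical = urlencode(sorted((k, v) for k, v in fields.items() if k != "sig"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


class HomeSite:
    """The user's home site: checks credentials, then vouches for the user."""

    def __init__(self, domain: str, users: dict, member_keys: dict):
        self.domain = domain
        self.users = users                # name -> password (constructed sample data)
        self.member_keys = member_keys    # member domain -> shared key (assumption)
        self._pseudonym_secret = secrets.token_bytes(32)   # never leaves the home site

    def pseudonym(self, name: str, member: str) -> str:
        # Stable per-member handle; the member site cannot recover the name from it,
        # but the home site can, so the user stays accountable through its domain.
        msg = ("%s@%s" % (name, member)).encode()
        return hmac.new(self._pseudonym_secret, msg, hashlib.sha256).hexdigest()[:16]

    def login(self, name, password, member, return_to, nonce, ttl=300) -> str:
        if not hmac.compare_digest(self.users.get(name, ""), password):
            raise PermissionError("bad credentials")
        if urlsplit(return_to).hostname != member:
            raise PermissionError("return_to does not belong to the member site")
        fields = {
            "home": self.domain, "member": member, "nonce": nonce,
            "exp": str(int(time.time()) + ttl),
            "pseudonym": self.pseudonym(name, member),
        }
        fields["sig"] = sign(self.member_keys[member], fields)
        return return_to + "?" + urlencode(fields)   # the redirect back to the member site


class MemberSite:
    """The site the user shows up at; it only ever learns what the home site tells it."""

    def __init__(self, domain: str, home_keys: dict):
        self.domain = domain
        self.home_keys = home_keys    # home domain -> shared key (assumption)
        self.pending = {}             # nonce -> home domain awaiting an assertion

    def begin_login(self, ident: str) -> str:
        _, home = parse_identifier(ident)
        if home not in self.home_keys:
            raise LookupError("no trust relationship with " + home)
        nonce = secrets.token_urlsafe(16)
        self.pending[nonce] = home
        params = {"member": self.domain, "return_to": "https://%s/done" % self.domain, "nonce": nonce}
        return "https://%s/login?%s" % (home, urlencode(params))

    def complete_login(self, url: str, now=None) -> str:
        q = query_of(url)
        home = self.pending.pop(q.get("nonce", ""), None)   # nonce is single-use: no replay
        if home is None or q.get("home") != home or q.get("member") != self.domain:
            raise PermissionError("assertion does not match an outstanding login")
        if not hmac.compare_digest(sign(self.home_keys[home], q), q.get("sig", "")):
            raise PermissionError("bad signature on assertion")
        if int(q["exp"]) < (now if now is not None else time.time()):
            raise PermissionError("assertion expired")
        return "%s@%s" % (q["pseudonym"], home)   # opaque handle, accountable domain


def demo() -> dict:
    """Run one login end to end, then show that replaying the assertion is refused."""
    key = secrets.token_bytes(32)
    home = HomeSite("example.com", {"alice": "correct horse"}, {"forum.example.net": key})
    member = MemberSite("forum.example.net", {"example.com": key})
    redirect = member.begin_login("alice at example.com")
    q = query_of(redirect)
    back = home.login("alice", "correct horse", q["member"], q["return_to"], q["nonce"])
    identity = member.complete_login(back)
    try:
        member.complete_login(back)
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"identity": identity, "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(demo())
```

The member site ends up with something like `3f9a...@example.com`: a handle it can ban or trust across visits, plus the domain that vouched for it, but not the local part, which is the accountability-without-full-identity trade-off the message is after. The nonce is consumed on first use and the member site checks that the assertion names both the home it redirected to and itself, so an assertion minted for one site cannot be replayed at another.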

More information about the yadis mailing list