Browser Login Plugin

Ben Nolan bnolan at gmail.com
Thu May 19 16:21:00 PDT 2005


(I'm ashamed of my url to private key idea) ;)

> If consumers had private keys (which would suck as a requirement... too
> much pain), then what do they get from signing a trackback? What does,
> say, LiveJournal benefit from getting a trackback that's signed from
> someblog.com? That we know it came from someblog and can trust it? We
> can't trust the contents... so that the origin is correct? I'm not
> bashing this idea... I just don't fully understand what's being
> verified/protected.

We're verifying that the comment came from someblog. And we trust someblog 
to *some extent* (because we shared our identity with it) - so we'll trust 
it enough to post a trackback to a comment we made. The purpose of this is 
that we can receive notification of comments that we post in the 
'blogosphere', so that I can keep track of comments I make.

The consumer could also use their public key to sign any posts they send to 
my weblog, so my identity server could tell my wordpress install to trust 
someblog - then if our atom api receives a request with the querystring 
params openid.trust_root=http://someblog/&openid.sig=... it'd know to accept 
that post.

It just seems a simple way to let consumers identify themselves to services 
other than the identity server.

And the public key would be *totally* optional for consumers, but if we add 
a recommendation that ID servers record the URLs to consumers' public keys, 
it gives us lots of flexibility with no additional work for consumers, and 
minimal extra work for ID servers.

Hope that makes more sense this time.

Ben
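
Added example, not part of the original message or of any yadis/OpenID code: a sketch of the receiving side of the signed-post idea above, where a request carrying openid.trust_root and openid.sig is accepted only if the trust root is already trusted and the signature verifies under that consumer's recorded public key. The message does not specify a signature scheme, so Ed25519, base64url encoding, the signing input, the in-memory key registry and all function names here are assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed key pair standing in for someblog's key; in the scheme above the
// ID server would have recorded the URL of the consumer's public key.
const someblog = crypto.generateKeyPairSync("ed25519");
const trustedConsumers = new Map([["http://someblog/", someblog.publicKey]]);

// Assumed signing input: method, path, every query parameter except
// openid.sig (sorted), and a hash of the body, so a signature cannot be
// moved onto a different post or a different trust_root.
function signingInput(method, url, body) {
  const u = new URL(url);
  const params = [...u.searchParams].filter(([k]) => k !== "openid.sig")
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).sort();
  const bodyHash = crypto.createHash("sha256").update(body).digest("hex");
  return Buffer.from([method, u.pathname, params.join("&"), bodyHash].join("\n"));
}

// Consumer side: append openid.trust_root and openid.sig to the request URL.
function signRequest(method, url, body, trustRoot, privateKey) {
  const u = new URL(url);
  u.searchParams.set("openid.trust_root", trustRoot);
  const sig = crypto.sign(null, signingInput(method, u.href, body), privateKey);
  u.searchParams.set("openid.sig", sig.toString("base64url"));
  return u.href;
}

// Receiver side: accept only if the trust_root is one we were told to trust
// and the signature verifies under that consumer's recorded key.
function acceptPost(method, url, body) {
  const q = new URL(url).searchParams;
  const key = trustedConsumers.get(q.get("openid.trust_root"));
  const sig = q.get("openid.sig");
  if (!key || !sig) return false;
  return crypto.verify(null, signingInput(method, url, body), key,
                       Buffer.from(sig, "base64url"));
}
```

The key is looked up by the claimed trust root before any verification, so a valid signature from an unlisted site is rejected, and the signature only establishes which consumer sent the post, not that its contents are trustworthy.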