Blog URI, is it necessary?

Ben Hyde bhyde at pobox.com
Fri May 20 10:05:22 PDT 2005


On May 20, 2005, at 12:01 PM, ydnar wrote:
> An OpenID server is vouching for the person using the browser, 
> asserting they own/control the input URL.

Must it to do both?

> Alice needs to provide a unique URL that she has implied control over. 
> This keeps a 1:1 mapping between a URL and a "user." LiveJournal can't 
> go around asserting http://livejournal.com for everyone.

What would that break?

Longer form: what would break if the returned openid.assert_identity 
wasn't identical to sent openid.is_identity?

> However, this is not to say, a site (Craigslist for instance) can't 
> piggyback OpenID on top of its anonymizing code and provide its users 
> with an anonymous URL that can be asserted without tying it to an 
> individual user:
>
> http://anon-5812930492.craigslist.org

neat, interesting possibility

> y
>
>
>
> Ben Hyde wrote:
>
>> Interesting work going on here!
>>
>> I don't pretend to understand the design entirely at this point.  You 
>> can tell I don't because the blog posting[1] I wrote last night 
>> suffers from a bit of deep confusion.
>>
>> I skimmed the "how it works" page and over generalized.  The how it 
>> works page shows the user being prompted for the the URL of his blog. 
>>  I projected my own assumptions of how to do this and assumed that 
>> the user was being prompted for the URL of what I call a "vouching 
>> server" in the posting.
>>
>> Why is it better to ask the user to reveal his blog's URL?   When he 
>> reveals that he is revealing quite a lot of information about 
>> himself.  If you ask him instead to reveal only the name of a site 
>> that can vouch/introduce/ID him then you minimize how much he is 
>> forced to reveal himself to the site he's visiting.
>>
>> In my naiveté it appears that this change is very low impact.
>>
>> In my confused blog posting I suggest there are these players in the 
>> senario.
>>   - the anonymous visitor
>>   - the suspicious site (which would like to get a better handle on 
>> this anonymous visitor)
>>   - the vouching site (which is willing to help the anon-visitor and 
>> the suspicious-site work thru this problem)
>>
>> Call these Alice, Steve, and Victor respectively.
>>
>> If Alice enter's  horde-of-bloggers.com (a blogging mega-site) rather 
>> than innocent-child.horde-of-bloggers.com (her blog of embarrassing 
>> poetry) it appears that the Steve can still work with Victor and 
>> Alice to get the tiny minimal bit of handle that Steve needs to feel 
>> more comfortable about Alice.
>>
>> So, my question:  Is it really necessary to insist that Alice reveal 
>> to Steve her blog?  Isn't it sufficent and better to just ask Alice 
>> to suggest a Victor who can vouch for her?   What would this change 
>> break?
>>
>>   - ben
>>
>> [1] http://enthusiasm.cozy.org/archives/2005/05/openid/
>>
>> ----
>> http://enthusiasm.cozy.org   http://gibbon.cozy.org   
>> tel:+1-781-240-2221
>>  I forecast sunny weather!
>>
>> _______________________________________________
>> yadis mailing list
>> yadis at lists.danga.com
>> http://lists.danga.com/mailman/listinfo/yadis
>>
> _______________________________________________
> yadis mailing list
> yadis at lists.danga.com
> http://lists.danga.com/mailman/listinfo/yadis
>
>
----
http://enthusiasm.cozy.org   http://gibbon.cozy.org   
tel:+1-781-240-2221
  I forecast sunny weather!



More information about the yadis mailing list