Blog URI, is it necessary?
bhyde at pobox.com
Fri May 20 10:05:22 PDT 2005
On May 20, 2005, at 12:01 PM, ydnar wrote:
> An OpenID server is vouching for the person using the browser,
> asserting they own/control the input URL.
Must it to do both?
> Alice needs to provide a unique URL that she has implied control over.
> This keeps a 1:1 mapping between a URL and a "user." LiveJournal can't
> go around asserting http://livejournal.com for everyone.
What would that break?
Longer form: what would break if the returned openid.assert_identity
wasn't identical to sent openid.is_identity?
> However, this is not to say, a site (Craigslist for instance) can't
> piggyback OpenID on top of its anonymizing code and provide its users
> with an anonymous URL that can be asserted without tying it to an
> individual user:
neat, interesting possibility
> Ben Hyde wrote:
>> Interesting work going on here!
>> I don't pretend to understand the design entirely at this point. You
>> can tell I don't because the blog posting I wrote last night
>> suffers from a bit of deep confusion.
>> I skimmed the "how it works" page and over generalized. The how it
>> works page shows the user being prompted for the the URL of his blog.
>> I projected my own assumptions of how to do this and assumed that
>> the user was being prompted for the URL of what I call a "vouching
>> server" in the posting.
>> Why is it better to ask the user to reveal his blog's URL? When he
>> reveals that he is revealing quite a lot of information about
>> himself. If you ask him instead to reveal only the name of a site
>> that can vouch/introduce/ID him then you minimize how much he is
>> forced to reveal himself to the site he's visiting.
>> In my naiveté it appears that this change is very low impact.
>> In my confused blog posting I suggest there are these players in the
>> - the anonymous visitor
>> - the suspicious site (which would like to get a better handle on
>> this anonymous visitor)
>> - the vouching site (which is willing to help the anon-visitor and
>> the suspicious-site work thru this problem)
>> Call these Alice, Steve, and Victor respectively.
>> If Alice enter's horde-of-bloggers.com (a blogging mega-site) rather
>> than innocent-child.horde-of-bloggers.com (her blog of embarrassing
>> poetry) it appears that the Steve can still work with Victor and
>> Alice to get the tiny minimal bit of handle that Steve needs to feel
>> more comfortable about Alice.
>> So, my question: Is it really necessary to insist that Alice reveal
>> to Steve her blog? Isn't it sufficent and better to just ask Alice
>> to suggest a Victor who can vouch for her? What would this change
>> - ben
>>  http://enthusiasm.cozy.org/archives/2005/05/openid/
>> http://enthusiasm.cozy.org http://gibbon.cozy.org
>> I forecast sunny weather!
>> yadis mailing list
>> yadis at lists.danga.com
> yadis mailing list
> yadis at lists.danga.com
I forecast sunny weather!
More information about the yadis