Dealing with renames
Ask Bjørn Hansen
ask at develooper.com
Sun May 29 16:34:18 PDT 2005
On May 29, 2005, at 4:27 AM, Karl Koscher wrote:
[...]
> So, is there a good solution to this? Should we even worry about
> it? One thing I was thinking of is having the identity server
> return some unique ID that always maps to that particular user on
> that identity server. The unique ID doesn't have to mean anything
> to anyone except the identity server.
The ID server shouldn't do that. http://domain/someguy/ and http://domain/anotherguy/ might be different "personas" for me, even if I'm the same user on the ID server.
Also, I'm still http://domain/someguy/ even if I change from using LJ
as my ID server to using http://www.openlogin.net/; so that should be
supported.
One possible solution (quickly getting into More Complicated Than We
Want Territory) could be something along these lines:
You put a root type certificate and a revocation list on your site
and then give the ID server a certificate it can sign the request
with on your behalf.
The private key to the root certificate is on your local computer and
the consumer can then use the fingerprint from the root certificate
on your site for your user-id.
- ask
--
http://www.askbjoernhansen.com/
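A worked sketch of the delegation scheme proposed in the message above, added here as an example and not code from the thread or from any yadis implementation. It assumes an Ed25519 key pair stands in for the "root type certificate" (one per URL, so each persona keeps its own user-id), the revocation list is a set of key fingerprints published on the site, and the consumer identifies the user by the SHA-256 fingerprint of the root public key, so moving from one ID server to another leaves that id unchanged.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Delegation is the certificate the URL owner issues to the ID server that signs on their behalf.
type Delegation struct {
	ServerPub ed25519.PublicKey // ID server's signing key
	Sig       []byte            // root signature over "delegation:"+ServerPub
}

// Fingerprint is SHA-256 of a key; the root key's fingerprint is the user-id.
func Fingerprint(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// Delegate runs only where rootPriv lives; the tag keeps delegations distinct from requests.
func Delegate(rootPriv ed25519.PrivateKey, serverPub ed25519.PublicKey) Delegation {
	return Delegation{serverPub, ed25519.Sign(rootPriv, append([]byte("delegation:"), serverPub...))}
}

// VerifyAssertion is the consumer's check; rootPub and revoked come from the user's site.
func VerifyAssertion(rootPub ed25519.PublicKey, revoked map[string]bool,
	d Delegation, request, reqSig []byte) (string, error) {
	if len(d.ServerPub) != ed25519.PublicKeySize || len(rootPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(rootPub, append([]byte("delegation:"), d.ServerPub...), d.Sig) {
		return "", errors.New("bad key size or delegation not signed by the site's root key")
	}
	if revoked[Fingerprint(d.ServerPub)] {
		return "", errors.New("delegated key is on the site's revocation list")
	}
	if !ed25519.Verify(d.ServerPub, request, reqSig) {
		return "", errors.New("request not signed by the delegated key")
	}
	return Fingerprint(rootPub), nil // identical whichever ID server was used
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	req := []byte("login as http://domain/someguy/") // constructed sample request
	d := Delegate(rootPriv, serverPub)
	fmt.Println(VerifyAssertion(rootPub, map[string]bool{}, d, req, ed25519.Sign(serverPriv, req)))
}
```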
More information about the yadis mailing list