danda at videntity.org
Thu Sep 15 00:29:22 PDT 2005
I think we are saying the same thing, but possibly we are using terms
differently. The original quote to which I responded was:
> It is NOT clear whether the claimed identity, the canonical identity URL,
> or the delegate identity URL should be considered by consumers to be the
> unique individual. I'd argue for claimed identity, but others may
So if we take your example of:
- claimed url: mart.mydomain.com
- delegate url: mart.livejournal.com
Then I am calling "http://mart.mydomain.com/" the canonical identity
URL, and that is what I think should be used as a DB primary key by the
consumer. I suppose a better term might be "normalized claimed
Martin Atkins wrote:
>Dan Libby wrote:
>>It seems cleaner to me to use the canonical identity as primary key.
>>That way, you allow the user to enter eg:
>>"http://sally.people.com/" the first time and then just
>>"sally.people.com" the second time, and they both point to the same record.
>>You could still display ( or even store ) whatever the user entered as a
>That falls down in this scenario:
>* I have mart.mydomain.com delegated to mart.livejournal.com so that I
>can use LiveJournal's identity server. I want to appear as
>* LiveJournal gets bought out by some evil company. I no longer trust
>* I change my delegation to point at mart.coolidentityhost.com but
>continue to log in as mart.mydomain.com.
>In this case, I still want to be considered to be the same identity
>(mart.mydomain.com) despite my ID server changing. It's the canonical
>version of the claimed identity that should be used, not the delegation URL.
>It's very important to use the claimed URL as the key since the ability
>to switch identity servers without losing your identity is a major part
>of OpenID's decentralisation.
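The keying rule discussed in this thread, as an added example that is not part of the original messages or of any OpenID/YADIS code: a consumer normalizes whatever the user typed into a canonical claimed-identity URL and uses that as the primary key, storing the delegate URL only as data. The names normalize_claimed, ConsumerAccounts and login are hypothetical, and the normalization rules (default scheme http, lowercase host, "/" for an empty path, http and https kept distinct) are assumptions for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_claimed(user_input: str) -> str:
    """Turn what the user typed into one canonical claimed-identity URL."""
    s = user_input.strip()
    if "://" not in s:
        s = "http://" + s                    # bare "sally.people.com"
    parts = urlsplit(s)                      # scheme comes back lowercased
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a usable identity URL: {user_input!r}")
    host = parts.hostname                    # hostname comes back lowercased
    if parts.port and parts.port != DEFAULT_PORTS[parts.scheme]:
        host = f"{host}:{parts.port}"        # keep only non-default ports
    # Assumption: http and https forms stay distinct identities; fragment dropped.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))

class ConsumerAccounts:
    """Hypothetical consumer-side table; primary key = normalized claimed URL."""

    def __init__(self):
        self.by_claimed = {}

    def login(self, user_input: str, verified_delegate: str) -> int:
        """Call only after the identity server has verified the assertion."""
        key = normalize_claimed(user_input)
        new_row = {"id": len(self.by_claimed) + 1, "entered": user_input}
        row = self.by_claimed.setdefault(key, new_row)
        row["delegate"] = verified_delegate  # stored for reference, never a key
        return row["id"]

def demo():
    accounts = ConsumerAccounts()
    first = accounts.login("mart.mydomain.com", "http://mart.livejournal.com/")
    # Delegation moved to another identity server, typed form also differs.
    second = accounts.login("http://mart.mydomain.com/",
                            "http://mart.coolidentityhost.com/")
    return first, second, accounts.by_claimed["http://mart.mydomain.com/"]

if __name__ == "__main__":
    print(demo())
```

Both logins resolve to the same record even though the delegate changed and the user typed the URL two different ways; a lookup keyed on the delegate URL would have created a second account at the switch.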