Association Handles and Service URIs (was Question: Yadis Service
URIs in the OpenID Auth case)
Marius Scurtescu
marius at sxip.com
Thu Aug 24 21:44:33 UTC 2006
Hi,
Following on the previous conversation I would like to ask a few
questions regarding association handles:
- are these handles supposed to be globally unique (across all IdPs)?
- why can't we just use the IdP service URI as an implicit handle?
- the association expiry time is expressed as a period of time, what
is the starting point?
- wouldn't it be better to specify the expiry time as an absolute value?
Thanks,
Marius
Sxip Identity
On 24-Aug-06, at 12:04 PM, Kevin Turner wrote:
> On Wed, 2006-08-23 at 17:54 -0700, Johannes Ernst wrote:
>> Am I correct that it would be false to assume that:
>> - the two service URIs reside on the same server;
>> - are maintained by the same organization;
>> - use the same negotiated D-H secret (aka I negotiate with one
>> service URI, but successfully use it with the other), even if they
>> are very similar URIs.
>
> I think you are correct; none of those are 100% safe assumptions to
> make. Some of those might be sane conventions to establish, i.e.
> "everything under a single Service tag is maintained by one provider,"
> but I don't think we can count on that. And even if you could count on
> that one, the other two wouldn't necessarily follow.