Following on from the previous conversation I would like to ask a few questions regarding association handles:
- are these handles supposed to be globally unique (across all IdPs)?
- why can't we just use the IdP service URI as an implicit handle?
- the association expiry time is expressed as a period of time; what is the starting point?
- wouldn't it be better to specify the expiry time as an absolute value?

On 24-Aug-06, at 12:04 PM, Kevin Turner wrote:

> On Wed, 2006-08-23 at 17:54 -0700, Johannes Ernst wrote:
>> Am I correct that it would be false to assume that:
>>   - the two service URIs reside on the same server;
>>   - are maintained by the same organization;
>>   - use the same negotiated D-H secret (aka I negotiate with one
>> service URI, but successfully use it with the other), even if they
>> are very similar URIs.
> I think you are correct; none of those are 100% safe assumptions to
> make.  Some of those might be sane conventions to establish, i.e.
> "everything under a single Service tag is maintained by one provider,"
> but I don't think we can count on that.  And even if you could count on
> that one, the other two wouldn't necessarily follow.
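One way an RP can keep the assumptions above from creeping in is to cache associations keyed by the service URI they were negotiated with, and to pin the relative lifetime to an absolute timestamp at the moment the response arrives. The sketch below is an added illustration, not code from this thread or from any OpenID library; the `AssociationStore` class, its method names, and the assumption that the lifetime counts from receipt are mine.

```python
import time
from dataclasses import dataclass


@dataclass
class Association:
    endpoint: str      # service URI the association was negotiated with
    handle: str        # handle assigned by that endpoint (unique per endpoint only)
    secret: bytes      # shared secret derived from the D-H exchange
    expires_at: float  # absolute Unix time, computed from the relative lifetime


class AssociationStore:
    """RP-side cache keyed by (endpoint, handle), never by handle alone.

    A handle from one service URI is not accepted for another, even if the
    URIs look similar, so a D-H secret is never reused across endpoints.
    """

    def __init__(self):
        self._assocs = {}

    def store(self, endpoint, handle, secret, expires_in, now=None):
        # expires_in is relative; anchor it to the time the RP received it
        # (assumption: the lifetime counts from receipt of the response)
        now = time.time() if now is None else now
        assoc = Association(endpoint, handle, secret, now + expires_in)
        self._assocs[(endpoint, handle)] = assoc
        return assoc

    def lookup(self, endpoint, handle, now=None):
        now = time.time() if now is None else now
        assoc = self._assocs.get((endpoint, handle))
        if assoc is None:
            return None
        if now >= assoc.expires_at:
            # expired: drop it so a stale secret is never used again
            del self._assocs[(endpoint, handle)]
            return None
        return assoc
```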