yadis Digest, Vol 13, Issue 14

Dick Hardt dick at sxip.com
Thu Jun 1 04:25:22 UTC 2006


Being able to manage many identifiers as well as provide 1:1
identifiers is why we think the user should be entering their
identity service rather than their identity at the website.

That is the primary difference between SXIP/DIX and OpenID.

-- Dick

On 25-May-06, at 10:33 AM, Drummond Reed wrote:

> Josh is right -- this use case is popping up everywhere now. A few weeks ago
> at the Internet Identity Workshop session on the SAML version of ISSO (the
> i-name single sign-on protocol being specified at XDI.org), "anonymous
> single sign-on" ended up being the main subject of discussion.
>
> The basic principle is the same whether the identifiers used are URLs or
> XRIs/i-names: if you want to log in anonymously on a site, rather than
> logging in with your own URL or XRI/i-name, you log in with the URL or
> XRI/i-name of an anonymizing authentication service offered by your identity
> provider/i-broker.
>
> That anonymizing identity service then generates a site-specific URL or XRI
> that will identify you to that site. The end-user does not have to remember
> or keep track of this site-specific URL or XRI because all the end-user
> needs to remember is the URL or XRI/i-name of the anonymizing authentication
> service.
>
> I'm cc'ing Peter Davis at NeuStar who is authoring the SAML version of the
> ISSO protocol (he should have it posted at XDI.org shortly -- we'll post a
> link when it is) as he's looking at adding this anonymous single sign-on
> option explicitly to the spec (although it may not be until v1.1).
>
> =Drummond (http://xri.net/=drummond.reed)
>
> -----Original Message-----
> From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com]
> On Behalf Of Josh Hoyt
> Sent: Thursday, May 25, 2006 8:08 AM
> To: Chris Drake
> Cc: yadis at lists.danga.com
> Subject: Re: yadis Digest, Vol 13, Issue 14
>
> On 5/25/06, Chris Drake <christopher at pobox.com> wrote:
>> How is my privacy being protected if I have to give my ID to a relying
>> party? For example - I don't want the folks at "shame-your-boss.com"
>> to know my ID in case they later see me at work in my sourceforge
>> account - or do I have to create a collection of new Yadis IDs, one
>> for each new web site I go to? Am I missing something here?
>
> Use different identifiers in places where you do not want to be
> identified as the same person. Identity providers can (and will) make
> this easy, without requiring you to have more than one account.
>
> It is possible for your IdP to issue one identifier per site that you
> visit to get the convenience of single-sign-on without giving up any
> privacy. A case that I expect to be even more common is to use
> different identifiers in different communities, such as work and
> family.
>
> I hope that helps.
>
> Josh
>
>
>
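
The per-site identifiers discussed in this thread, as an added example that is not part of any of the messages above: one way an identity provider could derive a stable, site-specific identifier that cannot be linked across relying parties. The thread does not say how the identifiers are generated; the keyed-HMAC derivation, the `idp.example` base URL, the secret, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions (not from the thread): a hypothetical IdP base URL and a
# constructed demo secret. A real IdP would keep a random secret server-side.
IDP_BASE = "https://idp.example/id/"
IDP_SECRET = b"constructed-demo-secret"


def normalize_realm(site_url):
    """Reduce a relying-party URL to scheme://host[:port].

    Every page of one site must map to the same realm, otherwise the user
    would receive a different identifier on each page of that site.
    """
    parts = urlsplit(site_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("relying party must be an absolute http(s) URL")
    default_port = {"http": 80, "https": 443}[parts.scheme]
    host = parts.hostname  # urlsplit already lower-cases the host name
    if parts.port not in (None, default_port):
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}"


def site_specific_identifier(account, site_url, secret=IDP_SECRET):
    """Derive the identifier the IdP would assert to one relying party.

    HMAC under an IdP-held secret gives the properties the thread asks for:
    stable for one (account, site) pair, different for every other site, and
    not computable or reversible by relying parties comparing notes.
    """
    realm = normalize_realm(site_url)
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    message = b"".join(
        len(field).to_bytes(4, "big") + field
        for field in (account.encode("utf-8"), realm.encode("utf-8"))
    )
    tag = hmac.new(secret, message, hashlib.sha256).hexdigest()[:32]
    return IDP_BASE + tag


if __name__ == "__main__":
    # Constructed sample: one account seen by the two sites named in the thread.
    for site in ("https://shame-your-boss.com/post/1", "https://sourceforge.net/"):
        print(site, "->", site_specific_identifier("alice", site))
```

The user only ever types the IdP's address; the derived identifier never has to be remembered, because the IdP can recompute it on every login.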


