yadis Digest, Vol 13, Issue 14

[Drummond Reed]

Ah, Chris, I get it -- essentially all the i-brokers become a "safe-referral
network".

The potential weak link is that if a user does not trust a relying party
with their i-name, they may not trust the relying party's i-broker with
their i-name either. Even though it's an i-broker, it's not the user's own
i-broker.

I don't know either way for sure. Just a thought about the social acceptance
part of the equation. Much we all have to learn there...

=Drummond 

-----Original Message-----
From: Chris Drake [mailto:christopher at pobox.com] 
Sent: Saturday, May 27, 2006 3:00 PM
To: Drummond Reed
Cc: yadis at lists.danga.com
Subject: Re[4]: yadis Digest, Vol 13, Issue 14


Sunday, May 28, 2006, 4:54:37 AM, Drummond Reed wrote:

DR> ### My understanding of this option is that in order for the site to
simply
DR> offer an "i-names" logo that the user could click to begin their login
DR> process, it would require a common "trusted authentication proxy" (what
I
DR> had called an "anonymizing authentication service"). Since you're right
that
DR> this option would require the same trusted authentication proxy for all
DR> relying parties, IMHO this is a non-starter. ###

No - my mistake - and Less complicated than my double-blind idea:

All relying parties will have their own I-Broker.

The relying partly simply links their inames logo to their own
ibrokers login page.

All we've got to do is get all I-Brokers to agree to redirect incoming
inames-holders off to their correct I-Broker if they attempt to log in
to the wrong place.

With good cookie handling, this makes one-click inames logins
possible, even though some of the time there will be an extra redirect
from a wrong ibroker.

Again - with good cookie handling - this won't significantly alter
most users I-Broker login experience - however - when someone arrives
at an ibroker with no cookies, the ibroker will need to NOT ask for
their password until they know it's their customer...

Kind Regards,
Chris Drake