Dynamic Delegate Identity?

Ben Hyde bhyde at pobox.com
Sat Sep 2 14:24:58 UTC 2006

How dynamic should the delegate identity be?

My concern, as usual in this context, is reducing the chance that  
account data is linked due to casual design decisions.

Right now the delegate identity URL given in all the examples is not  
obfuscated.  But I think it should be maximally opaque.

Rather than provide an openid.delegate of, say, http://wikitravel.org/ 
en/User:Downtown on my open id url page www.cozy.org/chum wouldn't it  
be preferable if I provided http://wikitravel.org/en/OpaqueUser: 

How much should openid.delegate vary?

1. Should it be obfuscated?
2. Should/can it be different on www.cozy.org/chum v.s. www.cozy.org/ 
bait ?
3. Should/can/may it be different depending on who fetched  
www.cozy.org/chum ?
4. Should/can/may it be different over time www.cozy.org/chum ?

The more the better as far as I'm concerned.  I think the spec should  
be firm in requiring or at least advising many of these.

    - ben

ps. I'm a bit unclear on why openid.delegate is required.

More information about the yadis mailing list