Dynamic Delegate Identity?
bhyde at pobox.com
Sat Sep 2 14:24:58 UTC 2006
How dynamic should the delegate identity be?
My concern, as usual in this context, is reducing the chance that
account data is linked due to casual design decisions.
Right now the delegate identity URL given in all the examples is not
obfuscated. But I think it should be maximally opaque.
Rather than provide an openid.delegate of, say, http://wikitravel.org/
en/User:Downtown on my open id url page www.cozy.org/chum wouldn't it
be preferable if I provided http://wikitravel.org/en/OpaqueUser:
How much should openid.delegate vary?
1. Should it be obfuscated?
2. Should/can it be different on www.cozy.org/chum v.s. www.cozy.org/
3. Should/can/may it be different depending on who fetched
4. Should/can/may it be different over time www.cozy.org/chum ?
The more the better as far as I'm concerned. I think the spec should
be firm in requiring or at least advising many of these.
ps. I'm a bit unclear on why openid.delegate is required.
More information about the yadis