Dynamic Delegate Identity?

Dick Hardt dick at sxip.com
Wed Sep 6 08:18:58 UTC 2006

On 2-Sep-06, at 7:24 AM, Ben Hyde wrote:

> How dynamic should the delegate identity be?
> My concern, as usual in this context, is reducing the chance that  
> account data is linked due to casual design decisions.
> Right now the delegate identity URL given in all the examples is  
> not obfuscated.  But I think it should be maximally opaque.
> Rather than provide an openid.delegate of, say, http:// 
> wikitravel.org/en/User:Downtown on my open id url page www.cozy.org/ 
> chum wouldn't it be preferable if I provided http://wikitravel.org/ 
> en/OpaqueUser:13452342152?

yes, and likely will be what you do

> How much should openid.delegate vary?
> 1. Should it be obfuscated?
> 2. Should/can it be different on www.cozy.org/chum v.s.  
> www.cozy.org/bait ?
> 3. Should/can/may it be different depending on who fetched  
> www.cozy.org/chum ?
> 4. Should/can/may it be different over time www.cozy.org/chum ?
> The more the better as far as I'm concerned.  I think the spec  
> should be firm in requiring or at least advising many of these.

Although useful suggestions, I don't think they belong in the spec.  
Depending on what you want to accomplish with delegation,  these  
suggestions are not relevant.

>    - ben
> ps. I'm a bit unclear on why openid.delegate is required.

separate identifier ownership from identity services

More information about the yadis mailing list