Dick, you are right that there are usability challenges with i-numbers, and
XDI.org and the i-broker community are working to address them. Although
persistent identifiers are used everywhere in local systems (directories,
databases, object stores, etc.), and the concept has been around at the
Internet level since the late '90s in the form of URNs
(http://en.wikipedia.org/wiki/Uniform_Resource_Name), the need to integrate
them into a digital identity layer is only just emerging.

As with each new Internet layer, there's some stuff that just has to get
figured out ;-)

=Drummond 

-----Original Message-----
From: Dick Hardt [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 19, 2006 9:26 AM
To: Drummond Reed
Cc: 'Recordon, David'; 'Martin Atkins'; specs@openid.net
Subject: Re: XRI confusion

That provides clarity on the process, thanks. If the user knows that  
their i-name has been changed,
then when you write here:

        http://www.lifewiki.net/openid/ConsolidatedDelegationProposal

        Summary of Motivations:
        ...
        4. Enable RPs to take advantage of XRI CanonicalIDs to protect
        End-Users from ever having their Portable Identifier reassigned
        (and thus their identity taken over).

... this is just in case they don't get alerted to their i-name being
changed?

btw: I have no idea what my i-numbers are, and it was not clear to me  
that I had them when I got them. I think there are some real  
usability issues here, but this is likely not the place to address  
those. :-)

-- Dick

On 19-Oct-06, at 8:12 AM, Drummond Reed wrote:

> Exactly. An i-name being reassigned is very similar to a domain name being
> reassigned -- the previous owner is going to know they no longer own it.
>
> For example, if you register blame.ca, you're going to receive multiple
> notices from your DNS registrar that you need to renew it, and if you don't,
> you know it is almost certain to be reassigned. The same is true for i-name
> registrants.
>
> With regard to i-numbers, every registrant is notified of their i-number,
> and their i-broker retains a record of the i-number. Because an i-number is
> NEVER reassigned, if a registrant chooses not to renew an i-name, they
> ALWAYS have their i-number.
>
> Note that since the i-name and i-number are directly synonymous, i.e., the
> i-number resolves the same XRDS as the i-name, if a registrant knows their
> i-number, they can always use it to login at any OpenID RP at which they had
> previously used any i-name synonym for that i-number.
>
> =Drummond
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Recordon, David
> Sent: Thursday, October 19, 2006 4:09 AM
> To: Dick Hardt; Martin Atkins
> Cc: specs@openid.net
> Subject: RE: XRI confusion
>
> How would Alice buy =foo when Bob already owns it?
>
> --David
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt
> Sent: Thursday, October 19, 2006 3:58 AM
> To: Martin Atkins
> Cc: specs@openid.net
> Subject: Re: XRI confusion
>
>
> On 19-Oct-06, at 12:44 AM, Martin Atkins wrote:
>
>> Dick Hardt wrote:
>>>
>>> How would a user ever learn what their CanonicalID is?
>>
>> The user doesn't need to know his i-number. The system discovers that
>> for him.
>>
>>> If their Portable Identifier (i-name) is reassigned, then they will
>>> be sent to an IdP for the new Canonical ID, expecting credentials
>>> from the new owner. The user will never make it back to the RP, and
>>> they will have no easy way of proving they are the owner of the
>>> CanonicalID.
>>
>> I don't really understand this paragraph, but when the i-name is
>> reassigned it'll cease to point at the same XRDS and will thus not
>> point at the IdP anymore - unless the new owner also has an account
>> with that IdP, of course. But they have a different i-number, so the
>> IdP can distinguish them.
>
> Bob has the i-name =foo. Alice has =foo reassigned to her. Bob does not
> know this. Bob goes to an RP, enters =foo and gets sent somewhere he
> cannot authenticate since =foo resolves somewhere else.
>
> Bob does not know what to do. =foo does not resolve to his i-number any
> more. How does he find out what it is so that he can get his i-name
> to point to it?
>
>>
>>> Additionally, in the proposal, the i-name is not sent from the RP to
>>> the IdP, so how does the IdP know which i-name to address the user
>>> as?
>>
>> I would hope that an IdP, given that I've already established a
>> relationship with it, can find something better to address me with
>> than a URI. It should be calling me "Martin".
>
> Perhaps, although I would like my IdP to let me know which Identifier I
> am going to present to the RP.
>
> -- Dick
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs


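The reassignment scenario discussed in this thread (=foo moving from Bob to Alice), as an added Python illustration that is not part of the original messages: it compares a relying party that keys accounts on the i-name with one that keys on the CanonicalID (i-number). The in-memory registry, the i-numbers and the account name are constructed, and IdP authentication is assumed to succeed for whoever currently controls the identifier.

```python
# Added illustration; registry, i-numbers and account names are constructed.

class Registry:
    """Toy stand-in for XRI resolution: i-name -> i-number (CanonicalID)."""
    def __init__(self):
        self.synonyms = {}

    def assign(self, iname, inumber):
        self.synonyms[iname] = inumber       # an i-name can be reassigned

    def canonical_id(self, identifier):
        # An i-number resolves to itself; an i-name to its current i-number.
        if identifier.startswith("=!"):
            return identifier
        return self.synonyms.get(identifier)


class RelyingParty:
    def __init__(self, registry, key_on_canonical_id):
        self.registry = registry
        self.key_on_canonical_id = key_on_canonical_id
        self.accounts = {}                   # account key -> account

    def _key(self, identifier):
        cid = self.registry.canonical_id(identifier)
        if cid is None:
            return None                      # identifier does not resolve
        return cid if self.key_on_canonical_id else identifier

    def enroll(self, identifier, account):
        key = self._key(identifier)
        if key is None:
            raise ValueError("identifier does not resolve")
        self.accounts[key] = account

    def login(self, identifier):
        """Account reached by whoever currently controls `identifier`."""
        key = self._key(identifier)
        return None if key is None else self.accounts.get(key)


def reassignment_scenario(key_on_canonical_id):
    bob, alice = "=!1000.aaaa", "=!2000.bbbb"   # constructed i-numbers
    reg = Registry()
    reg.assign("=foo", bob)
    rp = RelyingParty(reg, key_on_canonical_id)
    rp.enroll("=foo", "bob-account")
    reg.assign("=foo", alice)                   # =foo is reassigned to Alice
    return {"alice_via_iname": rp.login("=foo"),   # Alice controls =foo now
            "bob_via_inumber": rp.login(bob)}      # Bob keeps his i-number
```

Keyed on the CanonicalID, Alice's =foo reaches no account and Bob's i-number still reaches his; keyed on the i-name, the results are reversed.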