Hi Drummond, On 5-Jun-07, at 9:44 AM, =drummond.reed wrote:
> I see no reason we can't add the rules for > reassignable-URL-to-persistent-URL mapping as well, since it's > simply a > matter of the RP confirming that the persistent identifier is also > authoritative for the XRDS. > > If we approached it this way, all the OpenID Authentication 2.0 > spec would > need to do is specify the use of Canonical ID verification as part > of the > OpenID discovery process, and then everyone -- users, OPs, and RPs, > would be > able to use any > reassignable-OpenID-identifier-to-persistent-OpenID-identifier mapping > process that worked best for them. Not knowing how you plan to have the canonical ID verification for URLs (really looking forward to reading tomorrow's draft), I'm not sure it's a simpler approach or even a generalization of the fragment proposal. Yes, it would be simpler to specify in the OpenID spec, but it would include a pointer to a section of the XRI spec, which scares so many people away. From your comments I understand that the persistent identifier has to be discoverable; in the fragment approach, the fragment itself (which is the actual persistent part) is stripped out at discovery time, and only comes into play at the auth response / verification stages (hence not sure the generalization applies). Keying your identity on a new / different URL also brings in the management effort required to maintain that second, persistent URL (and making sure it stays persistent). If that is an absolute URL, the cost is considerably higher than just keeping track of your persistent fragment. (In this respect the fragment approach is simpler.) Johnny _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
