Hi Drummond,

On 5-Jun-07, at 9:44 AM, =drummond.reed wrote:

> I see no reason we can't add the rules for
> reassignable-URL-to-persistent-URL mapping as well, since it's  
> simply a
> matter of the RP confirming that the persistent identifier is also
> authoritative for the XRDS.
> If we approached it this way, all the OpenID Authentication 2.0  
> spec would
> need to do is specify the use of Canonical ID verification as part  
> of the
> OpenID discovery process, and then everyone -- users, OPs, and RPs,  
> would be
> able to use any
> reassignable-OpenID-identifier-to-persistent-OpenID-identifier mapping
> process that worked best for them.

Not knowing how you plan to have the canonical ID verification for  
URLs (really looking forward to reading tomorrow's draft), I'm not  
sure it's a simpler approach or even a generalization of the fragment  

Yes, it would be simpler to specify in the OpenID spec, but it would  
include a pointer to a section of the XRI spec, which scares so many  
people away.

 From your comments I understand that the persistent identifier has  
to be discoverable; in the fragment approach, the fragment itself  
(which is the actual persistent part) is stripped out at  discovery  
time, and only comes into play at the auth response / verification  
stages (hence not sure the generalization applies).

Keying your identity on a new / different URL also brings in the  
management effort required to maintain that second, persistent URL  
(and making sure it stays persistent). If that is an absolute URL,  
the cost is considerably higher than just keeping track of your  
persistent fragment. (In this respect the fragment approach is simpler.)


specs mailing list

Reply via email to