>> Drummond Reed wrote:
>> 3) Allowing the user to control Claimed Identifier-to-IdP-Specific-Identifier
>> mapping gives the user the ability to establish any number of OpenID
>> "synonyms" that do not require any involvement on the part of the IdP. In
>> many ways this is the user-facing complement of the directed identity value
>> proposition: in directed identity, the user can have the IdP create any
>> number of pseudonyms for different RPs. But the user is dependent on the IdP
>> for this functionality. With Claimed Identifier-to-IdP-Specific-Identifier
>> mapping, the user controls which Claimed Identifier maps to which
>> IdP-Specific-Identifier, and is NOT dependent on the IdP for this mapping
>> (which means it is entirely portable).
>>
>
> Pete Rowley wrote:
>
> Is it a goal to not allow correlation of identifiers? If so, I do not
> think this meets that goal.
>
> Looking at the parties involved here, I necessarily have to trust my
> IdP, but I certainly don't want to trust RPs. So if there is to be
> leakage of information, it should go to the IdP, who is charged with the
> protection of my data. This appears to construct what amounts to a map
> of all my online identifiers nicely formatted so that a bot can harvest
> it easily. Perhaps non-correlation is a non-goal for this particular
> feature - but I would hope that it would be a high priority.
You're absolutely right, Pete -- since all of these identifiers would be
public identifiers, a bot could harvest them. So non-correlation is not a
goal of this feature -- the goal is IdP-independent public synonym
management.

Non-correlation of identifiers IS a goal of the 2.0 directed identity
feature. Eve Maler just did a great blog post about this:

http://www.xmlgrrl.com/blog/archives/2006/10/23/the-futures-so-bright-i-gotta-wear-shades/

She was confused about exactly how directed identity worked in the 2.0
spec, so I responded to her with:

http://www.equalsdrummond.name/?p=84

And she then wrote an even longer post about "Pseudonym Picking" that
includes an in-depth comparison of OpenID and SAML flows:

http://www.xmlgrrl.com/blog/archives/2006/10/24/pseudonym-picking/

Paul Madsen and others in Liberty have also responded very positively to
the directed identity feature, so I suspect it will be a hit once it rolls
out.

=Drummond

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
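The exchange above contrasts two identifier schemes: user-controlled synonym mappings, which are public and therefore harvestable, and 2.0 directed identity, where the IdP hands each RP its own pseudonym. The following is an added example written for this page, not code from the specs thread or from the OpenID specification, that models both. It assumes constructed hostnames, claimed identifiers and discovery HTML, and it assumes one particular way for an IdP to derive per-RP pseudonyms (an HMAC over the user and the RP realm under an IdP-held key); the 2.0 spec does not prescribe a derivation, so that part is an illustration, not the spec's mechanism.

```python
"""
Added example, not part of the specs thread or the OpenID specification.

Toy model of the two identifier schemes discussed above:

 1. User-controlled synonyms: each claimed identifier publishes, in its
    discovery document, the IdP-specific identifier it maps to (OpenID 2.0
    HTML discovery carries this in <link rel="openid2.local_id">). Every
    mapping is public, so a crawler can group claimed identifiers by
    local_id and correlate them, which is Pete's harvesting point.

 2. Directed identity: the IdP issues a per-RP pseudonym. The spec does not
    fix how an IdP derives these; the HMAC-over-(user, realm) scheme below
    is an assumption for the example. Two RPs then see unlinkable
    identifiers, while the IdP alone can map each one back to the user.

All identifiers, hostnames, keys and HTML snippets are constructed.
"""
import hashlib
import hmac
import re
from collections import defaultdict

# --- 1. user-controlled synonyms: public mapping, trivially harvestable ----

def _disco(local_id):
    # Minimal constructed HTML discovery document pointing at one IdP.
    return ('<link rel="openid2.provider" href="https://idp.example.org/op">'
            f'<link rel="openid2.local_id" href="{local_id}">')

# Three claimed identifiers the user chose as synonyms for one IdP account,
# plus one belonging to a different user.
DISCOVERY_DOCS = {
    "https://alice.example.net/":      _disco("https://idp.example.org/u/alice"),
    "https://blog.example.com/alice/": _disco("https://idp.example.org/u/alice"),
    "https://alice.example.org/":      _disco("https://idp.example.org/u/alice"),
    "https://bob.example.net/":        _disco("https://idp.example.org/u/bob"),
}

# Good enough for the constructed documents above; real discovery should use
# an HTML parser (attribute order and quoting vary in the wild).
LOCAL_ID_RE = re.compile(r'<link\s+rel="openid2\.local_id"\s+href="([^"]+)"', re.I)

def local_id_of(html):
    m = LOCAL_ID_RE.search(html)
    return m.group(1) if m else None

def harvest_synonyms(docs):
    """What a bot sees: claimed identifiers grouped by the local_id they map to."""
    groups = defaultdict(list)
    for claimed, html in docs.items():
        lid = local_id_of(html)
        if lid:
            groups[lid].append(claimed)
    return {lid: sorted(ids) for lid, ids in groups.items()}

# --- 2. directed identity: IdP-issued, per-RP pseudonyms ------------------

class DirectedIdentityIdP:
    def __init__(self, key: bytes):
        self._key = key          # never leaves the IdP
        self._issued = {}        # pseudonym -> (user, realm); IdP-private

    def pseudonym_for(self, user, realm):
        """Stable per (user, realm): the same RP recognises a returning user,
        but two RPs get values that are unrelated without the IdP key."""
        tag = hmac.new(self._key, f"{user}\0{realm}".encode(),
                       hashlib.sha256).hexdigest()[:32]
        pseud = f"https://idp.example.org/id/{tag}"
        self._issued[pseud] = (user, realm)
        return pseud

    def resolve(self, pseudonym):
        """Only the IdP can map a pseudonym back to the account."""
        return self._issued.get(pseudonym)

def rps_can_correlate(pseud_at_rp1, pseud_at_rp2):
    """Two RPs comparing notes can only link identifiers that are equal."""
    return pseud_at_rp1 == pseud_at_rp2

if __name__ == "__main__":
    for lid, ids in harvest_synonyms(DISCOVERY_DOCS).items():
        print(f"{lid} <- {ids}")
    idp = DirectedIdentityIdP(b"constructed-idp-secret")
    a1 = idp.pseudonym_for("alice", "https://rp1.example/")
    a2 = idp.pseudonym_for("alice", "https://rp2.example/")
    print("same user, two RPs, linkable:", rps_can_correlate(a1, a2))
    print("IdP resolves", a1, "->", idp.resolve(a1))
```

Running the script prints the synonym groups a crawler would recover from the public mappings, then shows that the same user's pseudonyms at two RPs differ while the IdP can still resolve each one. The leakage in the first scheme is structural (the mapping has to be public for the RP to verify it), which is why the thread treats non-correlation as a property of directed identity rather than of synonym management.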