>>Drummond Reed wrote:
>> 3) Allowing the user to control Claimed
>> Identifier-to-IdP-Specific-Identifier mapping gives the user the ability to
>> establish any number of OpenID "synonyms" that do not require any
>> involvement on the part of the IdP. In many ways this is the user-facing
>> complement of the directed identity value proposition: in directed identity,
>> the user can have the IdP create any number of pseudonyms for different RPs.
>> But the user is dependent on the IdP for this functionality. With Claimed
>> Identifier-to-IdP-Specific-Identifier mapping, the user controls which
>> Claimed Identifier maps to which IdP-Specific-Identifier, and is NOT
>> dependent on the IdP for this mapping (which means it is entirely portable).
>>   
>
>Pete Rowley wrote:
>
>Is it a goal to not allow correlation of identifiers? If so, I do not 
>think this meets that goal.
>
>Looking at the parties involved here, I necessarily have to trust my 
>IdP, but I certainly don't want to trust RPs. So if there is to be 
>leakage of information, it should go to the IdP, who is charged with the 
>protection of my data. This appears to construct what amounts to a map 
>of all my online identifiers nicely formatted so that a bot can harvest 
>it easily. Perhaps non-correlation is a non-goal for this particular 
>feature - but I would hope that it would be a high priority.

You're absolutely right, Pete -- since all of these identifiers would be
public identifiers, a bot could harvest them. So non-correlation is not a
goal of this feature -- the goal is IdP-independent public synonym
management.

Non-correlation of identifiers IS a goal of the 2.0 directed identity
feature. Eve Maler just did a great blog post about this:

        http://www.xmlgrrl.com/blog/archives/2006/10/23/the-futures-so-bright-i-gotta-wear-shades/

She was confused about exactly how directed identity worked in the 2.0 spec,
so I responded to her with:

        http://www.equalsdrummond.name/?p=84 

And she then wrote an even longer post about "Pseudonym Picking" that
includes an in-depth comparison of OpenID and SAML flows:

        http://www.xmlgrrl.com/blog/archives/2006/10/24/pseudonym-picking/ 

Paul Madsen and others in Liberty have also responded very positively to the
directed identity feature, so I suspect it will be a hit once it rolls out.

=Drummond 

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
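The correlation Pete describes above, as an added example that is not part of the original thread or of any OpenID implementation. It takes the public discovery markup an OpenID Claimed Identifier publishes (the OpenID 1.1 `openid.server`/`openid.delegate` link tags and the OpenID 2.0 `openid2.provider`/`openid2.local_id` link tags) and groups Claimed Identifiers that resolve to the same IdP endpoint and IdP-specific identifier. The HTML pages, hostnames and identifiers are constructed sample input; nothing is fetched from the network. XRDS/Yadis discovery is left out to keep the example short.

```python
"""Added example: correlating public OpenID synonyms from discovery markup.

Because the Claimed Identifier -> IdP-Specific-Identifier mapping is published
at the Claimed Identifier, anyone who crawls those pages can group the
Claimed Identifiers that delegate to the same IdP-specific identifier. This
is the "map of all my online identifiers" harvest described in the thread.
"""
from collections import defaultdict
from html.parser import HTMLParser

# Constructed sample discovery documents, keyed by Claimed Identifier.
# alice.example.org and blog.alice.example both delegate to the same
# IdP-specific identifier (one via OpenID 2.0 tags, one via OpenID 1.1 tags).
SAMPLE_PAGES = {
    "http://alice.example.org/": """<html><head>
      <link rel="openid2.provider" href="https://idp.example.net/op">
      <link rel="openid2.local_id" href="https://idp.example.net/u/1234">
      </head></html>""",
    "http://blog.alice.example/": """<html><head>
      <link rel="openid.server" href="https://idp.example.net/op">
      <link rel="openid.delegate" href="https://idp.example.net/u/1234">
      </head></html>""",
    "http://bob.example.org/": """<html><head>
      <link rel="openid2.provider openid.server" href="https://idp.example.net/op">
      <link rel="openid2.local_id openid.delegate" href="https://idp.example.net/u/5678">
      </head></html>""",
    "http://carol.example.org/": """<html><head>
      <link rel="openid2.provider" href="https://other-idp.example/op">
      </head></html>""",
}


class _LinkCollector(HTMLParser):
    """Collect (rel-token-set, href) pairs from <link> tags in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = a.get("href")
        rel = (a.get("rel") or "").lower().split()  # rel may carry several tokens
        if href:
            self.links.append((set(rel), href))


def resolve(claimed_id, html):
    """Return (idp_endpoint, idp_specific_id) for one Claimed Identifier.

    OpenID 2.0 link relations take precedence over the 1.1 ones. When no
    delegation/local_id link is present, the Claimed Identifier is itself the
    IdP-specific identifier. Returns None when no IdP endpoint is advertised.
    """
    p = _LinkCollector()
    p.feed(html)

    def first(rel_name):
        for rels, href in p.links:
            if rel_name in rels:
                return href
        return None

    endpoint = first("openid2.provider") or first("openid.server")
    local_id = first("openid2.local_id") or first("openid.delegate")
    if endpoint is None:
        return None
    return (endpoint, local_id or claimed_id)


def correlate(pages):
    """Group Claimed Identifiers by the (endpoint, IdP-specific id) they map to."""
    groups = defaultdict(list)
    for claimed_id, html in pages.items():
        key = resolve(claimed_id, html)
        if key is not None:
            groups[key].append(claimed_id)
    return {key: sorted(members) for key, members in groups.items()}


def linked_synonyms(pages):
    """Return only the groups with more than one member: publicly linkable synonyms."""
    return [members for members in correlate(pages).values() if len(members) > 1]


if __name__ == "__main__":
    for (endpoint, local_id), members in correlate(SAMPLE_PAGES).items():
        print(f"{endpoint} {local_id}: {', '.join(members)}")
```

Run stand-alone it prints one line per (endpoint, IdP-specific identifier) pair; the pair shared by alice.example.org and blog.alice.example is the correlation the feature cannot prevent, exactly because the mapping is published without the IdP's involvement. Directed identity avoids this by having the IdP mint per-RP identifiers that are never published at a Claimed Identifier.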