[LINK] RFI: OpenID

Stephen Edgar stephen at netweb.com.au
Fri Apr 18 05:13:37 AEST 2008


I scooted the content of your message to the OpenID mailing list Roger and this is what I got, hope it helps.

Cheers,

Stephen Edgar
---------------snip-----------------
Stephen,

Unfortunately, as much as you would expect http://openid.org to represent
the OpenID Foundation, it does not (the owners said they wanted to donate
the domain to the OpenID Foundation but they did not). The official OpenID
Foundation site is at http://openid.net/. I'm sincerely hoping that the
information you find there is not "sales blarney".

Second, the fourth assumption on your bullet list below - "the intention
that each person have only one id" - is definitely not true. A key feature
of OpenID 2.0 is widely referred to as "directed identity" after Kim
Cameron's Fourth Law of Identity
(http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf). This
feature allows a user to login to a relying party (RP) with the identifier
of their OpenID Provider (OP) rather than their own identifier, and for the
OP to generate a pairwise unique OpenID identifier for the user at that
particular RP.

If you want a deeper analysis of that feature, plus other privacy-related
features of OpenID, one reference is a paper on OpenID discovery I gave last
month at the IDtrust Symposium:


http://middleware.internet2.edu/idtrust/2008/papers/01-reed-openid-xri-xrds.pdf

George Fletcher of AOL also gave another OpenID paper there:

http://middleware.internet2.edu/idtrust/2008/slides/11-fletcher-openid.pdf

Hope this helps,

=Drummond
--------------- end snip-----------------

-----Original Message-----
From: link-bounces at anumail0.anu.edu.au [mailto:link-bounces at anumail0.anu.edu.au] On Behalf Of Roger Clarke
Sent: Thursday, 17 April 2008 5:59 PM
To: link at anu.edu.au
Subject: [LINK] RFI: OpenID

Can anyone point to an accessible description of OpenID?

Like a lot of open source, the sites and the documentation are very
much by-geeks/for-geeks.

I suspect that it's just a latter-day MS Passport, but with:
-   open specs
-   more adopters (among corporations, if not among people)
-   the scope for stronger linkage between the id and the entity
-   the intention that each person have only one id

In short, it seems to be just supply-side federated identity management:
http://www.anu.edu.au/people/Roger.Clarke/EC/IdMngt-0804.html#RTFToC14
Exhibit 5D: 'Federated Identity Management'
(or Interoperable Multi-Supplier Multi-Organisation Single-SignOn)

But I'd welcome any leads to a description or analysis somewhere
between the sales blarney at:  http://www.openid.org/
and the highly segmented and detailed (and of course necessary)
tech-speak at:  http://openid.net/developers/specs/

Thanks!

--
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
_______________________________________________
Link mailing list
Link at mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link




More information about the Link mailing list