Re: [xri] OpenID Use Case

[Nat Sakimura <n-sakimura@nri.co.jp>]

Hi Breno,

Breno de Medeiros wrote:

Hi Nat,

You have a step with a Discovery Service DS. I understand that is an optional component if the RP cannot for some reason implement the discovery logic themselves, right?

No. DS is the core of the entire service. It is the service that provides the permanent unique identifier that is to be verified at the Authentication Service (AS).

I would suggest that no RP signature is needed to use a DS as you describe. Instead of using a PPID you should use a One-Time identifier, when then the RP signature is not needed.

Right. PK based RP signature is needed only when you want to generate PPID. It is a privacy feature.
If you use One-Time identifier, signature is not needed. If you use the veronymous ID, you would not either.
You would need current OpenID like signature though for message integrity.

On Thu, Jul 16, 2009 at 2:38 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:

HI.

I have blogged about OpenID Use Case with Sequence Diagram, where Discovery and Authentication services are separated.

Here is the link: http://www.sakimura.org/en/modules/wordpress/index.php?p=85

Comments welcome.

I think it works, at least for URL based OpenID.

I need to understand how the XRI resolution is going to be done.

Who is working on it?

=nat

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)