Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Friends

Mike Jones
Chuck Knutson
Kristen Knight

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« Launching Book IT! | Main | v|100 Selection »

Sun Supports OpenID and Opens the Question of Reputation

Sun announced (or at least Tim did) that Sun’s supporting OpenID at openid.sun.com. Sun has taken the additional step of stating that only Sun employees will have IDs there. So, if someone presents an OpenID with a base domain of openid.sun.com, you can be assured that Sun is vouching that they are an employee of Sun.

The biggest problem with this set up, of course, is that the attributes of an identifier ought to be transfered orthogonally to the identifier itself. The fact that the URL has a certain form should encode data like whether someone’s an employee or not. What if Sun decides to open it up to everyone next year and in the meantime, systems have been deployed assuming that only Sun employees are entitled to these identifiers?

Still, I like that Sun’s taking OpenID seriously. Ignore the employee status as URL issue and just concentrate on the asserted strength of the authentication process, if you like. Even so, there are still some flies in the ointment.

  • First, how do we know this is true, except that Tim says it?
  • More importantly, how does a machine know it’s true?
  • How do we avoid huge whitelists of machines who’s OpenIDs we trust (or blacklists of machines we don’t)?

The first problem is that there’s no metadata exchange for OpenID that can point to machine readable policies. Brad Fitzpatrick probably wants to shoot me right now, but I think it’s a problem. OpenID 2.0 will help with some of this, but I don’t think it’s the whole solution. I’m sure there’s something from XDI we could steal, couldn’t we Andy?

The second problem is that there’s no reliable way to get the reputation of an OpenID or the provider. It’s possible you could get away without a significant metadata exchange protocol if you had a reputation system for OpenIDs. My students and I worked on one this winter. We haven’t written it up yet, but will be demoing it at IIW next week.

Update: Drummond Reed, Paul Madsen, and Eve Maler weigh in on this issue:

  • Drummond’s post making the point that XRI is all about semantics.
  • Paul’s post with a humorous look at the development.
  • Eve’s post on the idea of trust.

Posted by windley on May 7, 2007 3:47 PM

See related posts:

 Share this article on Facebook
 Email this article to a friend
  Post this article to del.icio.us
 Format this article for printing
Get the TinyURL for this page

3 Comments

Comment from Paul C. Bryan at May 7, 2007 11:20 PM

Wow, a demo of a potential trust model for OpenID? Count me in as an attendee at that session at IIW.

Comment from Tim Bray at May 8, 2007 8:15 AM

Wow, it would really be verging on unethical for us to change the definition of what our openid provider does Having said that, while metadata is a good thing I suspect that you're going to have trouble removing humans from the loop, especially given that there are trust issues.

Comment from =Andy at May 28, 2007 8:10 AM

Using the XRDS that is built into OpenID 2.0 as part of yadis, it becomes easy to associate any number of services with your openID. These services could include any number of attribute exchange, reputation and trust services (yes, XDI being one of them).

The trick is having OpenID providers expose the XRDS to end users in a way that is useful to them. By that I mean
a) They have the ability to 'change' their own XRDS.
b) Providers support an automatic provisioning protocol so that end users can easily adopt new services without having to craft XML and manually edit their XRDS....

Rather than babble on here... I'll write a post on my blog about this

Leave a comment

I encourage you to leave a comment below. Your email address will not be displayed on Technometria, but allows me to communicate with you directly. Your email address won't be displayed, but will be used to compute a MicroID for your comment.