Wednesday, January 12, 2005

More LIDs

I suggested to Johannes Ernst that it would be very useful if all LID URLs hosted by the same service provider had the same format (i.e., He's now responded on his blog with a rationale for the thinking that brought about the structure LID uses:

...[O]ur goal was really to have only one URL for the person (well, the persona). Which means that using my blog URL as my LID URL (as I do) is a fundamentally simpler setup, and it provides the abstraction that we want to provide: there is one URL for a person, and depending on which arguments you provide (some, none, e.g. xpath=...) it returns different information.

It still seems, to me, to be more complicated than it needs to be, especially when compared to SMBmeta or the older Personal Directory structure that Novell talked about some years ago. There's also still the implementation problem. Shelley Powers objected to the Liberty Alliance because it's implemented "by and for" giant corporations, not users. LID has an even bigger mountain to climb, though, since it's proposed that ISPs do the implementation on behalf of users with no real incentive (e.g., profit) to do so. There's a reason why there are more users of Microsoft's Passport than of all other "personal identity" schemes combined, and that's the fact that "someone else" (Microsoft) does the heavy lifting while the user gets rewarded (easy access to MS sites) for a minimal effort. Come up with a similar scheme and you'll smile all the way to the bank.

Re name formats for URLs: -
Note also that it appears currently in LID the URL by itself is to be used to make access control decisions; however, this is contrary to Mr. Ernst's goal that the URL is to be simple (typically a short, user-friendly name), as URLs will be reused over time by ISPs, and there is no notification or revocation mechanism in LID, it seems. The same problem was anticipated in X.500(93) and X.509v2 certificates with the uniqueIdentifier for subjects, as Distinguished Names with attributes containing a person's common name could not guarantee that it always indicated that same person's entry for all time, even if the DN was always unique at any given instance. In URLs, in 2005 is not necessarily the same user as in 2006.

Mark Wahl
Informed Control Inc.
Very good points, Mark. Thanks!
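To make the reuse problem in Mark's comment concrete, here is a small simulation I've added to this post (it is example code written for this page, not part of LID or of any X.500 directory implementation). It assumes a hypothetical ISP "registrar" that hands out short URLs and recycles one after its owner leaves, and compares an access-control list keyed on the URL alone with one keyed on the URL plus a persistent unique identifier in the spirit of the X.509v2 uniqueIdentifier. The URLs and personas are constructed for the example.

```python
"""
Added example: why a bare, reassignable URL is a weak principal for access
control, and how binding a persistent unique identifier to it closes the gap.
Nothing here is LID's or X.500's actual code; the registrar is hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Persona:
    url: str   # short, user-friendly name the ISP hands out (and may reuse)
    uid: str   # identifier minted once per person and never reused


class Registrar:
    """Hypothetical ISP: assigns URLs and recycles a URL once it is released."""

    def __init__(self) -> None:
        self._owners: Dict[str, Persona] = {}
        self._next_uid = 0  # monotonically increasing, so uids never repeat

    def assign(self, url: str) -> Persona:
        if url in self._owners:
            raise ValueError(f"{url} is currently taken")
        self._next_uid += 1
        persona = Persona(url, f"uid-{self._next_uid:04d}")
        self._owners[url] = persona
        return persona

    def release(self, url: str) -> None:
        # The account goes away, but (as in the comment) no notification or
        # revocation reaches any site that stored the URL in an ACL.
        del self._owners[url]

    def current(self, url: str) -> Optional[Persona]:
        return self._owners.get(url)


class UrlOnlyAcl:
    """The situation the comment describes: authorize on the URL alone."""

    def __init__(self) -> None:
        self._allowed: Set[str] = set()

    def grant(self, p: Persona) -> None:
        self._allowed.add(p.url)

    def allows(self, p: Persona) -> bool:
        return p.url in self._allowed


class UrlPlusUidAcl:
    """Authorize on (URL, uid): a recycled URL does not inherit the grant."""

    def __init__(self) -> None:
        self._allowed: Set[Tuple[str, str]] = set()

    def grant(self, p: Persona) -> None:
        self._allowed.add((p.url, p.uid))

    def allows(self, p: Persona) -> bool:
        return (p.url, p.uid) in self._allowed


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Run the 2005 -> 2006 reuse scenario and report both ACLs' decisions."""
    reg = Registrar()
    url_only, url_uid = UrlOnlyAcl(), UrlPlusUidAcl()

    owner_2005 = reg.assign("http://isp.example/joe")  # constructed URL
    url_only.grant(owner_2005)
    url_uid.grant(owner_2005)
    before = (url_only.allows(owner_2005), url_uid.allows(owner_2005))

    reg.release(owner_2005.url)                        # owner leaves the ISP
    owner_2006 = reg.assign("http://isp.example/joe")  # same URL, new person
    after = (url_only.allows(owner_2006), url_uid.allows(owner_2006))

    return {"before": before, "after_reuse": after}


if __name__ == "__main__":
    result = demo()
    print("2005 owner allowed (url-only, url+uid):", result["before"])
    print("2006 owner allowed (url-only, url+uid):", result["after_reuse"])
```

The URL-only ACL still admits the 2006 owner because, with no revocation signal, the relying party has no way to learn that the name changed hands; the (URL, uid) ACL denies them. The uid here plays the role the comment assigns to uniqueIdentifier: the short name stays readable, and the stable identifier carries the authorization.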
