RE: What if an URI also is a URL

Somewhere in the openId spec there is a line about checking whether a person is (owns) the openId uri, that is about identifying is you ask me.

The problem is that an openId url is in fact a web page (document) with a link element inside, so there's a problem here. The same uri is identifying both the webpage and the person using it as an openId uri. A possible solution could of course again be using a hash URL as openId url.

Rikkert Koppes (mophor)


-----Original Message-----
From: semantic-web-request@w3.org on behalf of Richard Cyganiak
Sent: Sun 6/10/2007 8:37 PM
To: M. David Peterson
Cc: Tim Berners-Lee; r.j.koppes; Yuzhong Qu; Sandro Hawke; semantic-web@w3.org; swick@w3.org; phayes@ihmc.us
Subject: Re: What if an URI also is a URL
 

David,

The problem is that the ID in OpenID and the I in URI both stand for  
Identity/Identifier, but in very different senses of the word: OpenID  
is about *authentication*, URIs are about *naming*. Your overreact  
because you take Tim to mean the first sense when he meant the  
second. Tim does not object to your use of your homepage to  
authenticate yourself. He cautions us that we cannot use its URI to  
name you.

Imagine a world where everything -- absolutely everything -- has one  
or more unique barcode printed on it. Including passports and people.  
And everyone has a free barcode printer. Tim has simply asserted that  
the barcode on your forehead should be different from the barcode on  
your passport. This does in no way preclude you from using your  
passport to authenticate yourself.

Cheers,
Richard


On 10 Jun 2007, at 03:22, M. David Peterson wrote:

>
> On Sat, 09 Jun 2007 07:13:52 -0600, Tim Berners-Lee <timbl@w3.org>  
> wrote:
>
>> No. It cannot identify both a document and a person.
>
> Tim: Will all due respect... WTF?
>
> Wait, hold up.  Let me step back.  I have a *DEEP* admiration and  
> respect for you.  Always have.  As such, I have to step back and  
> realize there is obviously a reason why you have made this  
> statement.  With this in mind,
>
> http://mdavid.name
>
> At this URI you will find my personal web page.  That web page  
> links to my various blogs and projects that exist on the web.
>
> Embedded into this page is an OpenID delegation that specifies  
> "Here's who I am.  Here's where you can go to invoke an  
> authentication process that, when complete, provides reasonable  
> assurance that I am the person who maintains control of that  
> particular URI (mdavid.name) and as such I should be allowed access  
> to perform the various operations I have been given permission to  
> perform on your web site."
>
> So we have a web page that represents me.
>
> Embedded in that web page is the necessary information for an  
> OpenID authentication service to access the necessary information  
> that allows a web site that supports OpenID to authenticate me as  
> the person who presently maintains control of that domain.
>
> Same HTML.  Two different purposes.  Both served.
>
>> No. It cannot identify both a document and a person.
>
> Why?  Are you suggesting that what I have done -- i.e. used a  
> domain I presently maintain control over to provide information  
> embedded into the same document intended to serve different  
> purposes, and do so quite legitamatelly and successfully -- is in  
> fact, wrong?  If yes, how so?  It works and works well.  Nothing  
> has been broken as a result, and the same URI had identified both a  
> document and a person.
>
> Care to ellaborate.
>
> -- 
> /M:D
>
> M. David Peterson
> http://mdavid.name | http://www.oreillynet.com/pub/au/2354 | http:// 
> dev.aol.com/blog/3155
>
>

Received on Monday, 11 June 2007 14:13:24 UTC