- From: Richard Cyganiak <richard@cyganiak.de>
- Date: Sun, 10 Jun 2007 20:37:03 +0200
- To: "M. David Peterson" <m.david@xmlhacker.com>
- Cc: "Tim Berners-Lee" <timbl@w3.org>, "r.j.koppes" <rikkert@rikkertkoppes.com>, "Yuzhong Qu" <yzqu@seu.edu.cn>, "Sandro Hawke" <sandro@w3.org>, semantic-web@w3.org, swick@w3.org, phayes@ihmc.us
David, The problem is that the ID in OpenID and the I in URI both stand for Identity/Identifier, but in very different senses of the word: OpenID is about *authentication*, URIs are about *naming*. Your overreact because you take Tim to mean the first sense when he meant the second. Tim does not object to your use of your homepage to authenticate yourself. He cautions us that we cannot use its URI to name you. Imagine a world where everything -- absolutely everything -- has one or more unique barcode printed on it. Including passports and people. And everyone has a free barcode printer. Tim has simply asserted that the barcode on your forehead should be different from the barcode on your passport. This does in no way preclude you from using your passport to authenticate yourself. Cheers, Richard On 10 Jun 2007, at 03:22, M. David Peterson wrote: > > On Sat, 09 Jun 2007 07:13:52 -0600, Tim Berners-Lee <timbl@w3.org> > wrote: > >> No. It cannot identify both a document and a person. > > Tim: Will all due respect... WTF? > > Wait, hold up. Let me step back. I have a *DEEP* admiration and > respect for you. Always have. As such, I have to step back and > realize there is obviously a reason why you have made this > statement. With this in mind, > > http://mdavid.name > > At this URI you will find my personal web page. That web page > links to my various blogs and projects that exist on the web. > > Embedded into this page is an OpenID delegation that specifies > "Here's who I am. Here's where you can go to invoke an > authentication process that, when complete, provides reasonable > assurance that I am the person who maintains control of that > particular URI (mdavid.name) and as such I should be allowed access > to perform the various operations I have been given permission to > perform on your web site." > > So we have a web page that represents me. > > Embedded in that web page is the necessary information for an > OpenID authentication service to access the necessary information > that allows a web site that supports OpenID to authenticate me as > the person who presently maintains control of that domain. > > Same HTML. Two different purposes. Both served. > >> No. It cannot identify both a document and a person. > > Why? Are you suggesting that what I have done -- i.e. used a > domain I presently maintain control over to provide information > embedded into the same document intended to serve different > purposes, and do so quite legitamatelly and successfully -- is in > fact, wrong? If yes, how so? It works and works well. Nothing > has been broken as a result, and the same URI had identified both a > document and a person. > > Care to ellaborate. > > -- > /M:D > > M. David Peterson > http://mdavid.name | http://www.oreillynet.com/pub/au/2354 | http:// > dev.aol.com/blog/3155 > >
Received on Sunday, 10 June 2007 18:37:48 UTC