Re: What if an URI also is a URL

On Sun, 10 Jun 2007 14:13:26 -0600, carmen <> wrote:

> i'll take the same number on the RFID tag implanted under my skin, and  
> my passport, thanks. theyre both to identify me anyways. any ID  
> referring to the passport itself is up to the issuing agency to care  
> about, the analogy being a GUID or quad-hash in the store never exposed  
> to the user or usually even the developer..

This reminds me of that > < and  
I believe is absolutely, exactly spot on the money.  The only thing we  
should care about is "I am me.  Here is where you can find out more  
information about me." If a requesting client needs one particular piece  
of ID, then it should be able to specify to *me* (aka  
"I need this kind of ID to continue forward with the transaction."  In  
other types of requests (e.g. a site visitor who is using an HTML-enabled  
browser in HTML format) I will provide for them a document in HTML  
format.  If it's an OpenID transaction, I will provide that same HTML  
format which can then be used to extract the information it needs to  
perform the authentication process. If a mobile device accesses the site,  
and that mobile devices provides support for SVG-Tiny, the only thing that  
it should need to do is properly identify itself as being a particular  
type of mobile phone, and my server should then say "Oh, you're a mobile  
phone who can render SVG-Tiny.  Here you go."

All of this said, of course, I do recognize that different objects should  
have distinct ID's that represent what they are.  But it should be *my*  
responsibility to reach into my virtual wallet and provide the proper form  
of identification, not your responsibility to take an ID of the ID, to  
then go and get that ID out of my wallet.  I'll give it to you if you ask  
nicely.  But the request should be in the format "I need a valid form of  
ID.  For example, a state issued drivers license" not "I would like  


M. David Peterson | |

Received on Sunday, 10 June 2007 20:43:23 UTC