W3C home > Mailing lists > Public > semantic-web@w3.org > January 2010

Re: foaf:openid and validity

From: Matthias Quasthoff <matthias--web@quasthoffs.de>
Date: Thu, 28 Jan 2010 13:31:58 +0100
Message-ID: <4B6183BE.1090903@quasthoffs.de>
To: Dan Brickley <danbri@danbri.org>
CC: Melvin Carvalho <melvincarvalho@gmail.com>, semantic-web@w3.org
Hi all,

Dan Brickley schrieb:
> On Sun, Jan 24, 2010 at 9:12 PM, Matthias Quasthoff wrote:
>> My Web ID is <http://quasthoffs.de/matthias>. From the semantics of OpenID I
>> do not see why <http://quasthoffs.de/matthias> should not be my OpenID. IMHO
>> any resource should qualify to be my OpenID.
> 
> Yes, this is a case not supported by having foaf:openid's range be
> foaf:Document. I'm willing to relax this if the consensus of the
> OpenID community is that OpenID URIs (can? always?) directly identify
> people, rather than their personas/accounts.

In the OpenID 1.1 specs [1] it says
> OpenID Authenticaion provides a way to prove that an End User owns an Identity URL
and
> Identifier:
>     An Identifier is just a URL. The whole flow of the OpenID Authentication protocol is about proving that an End User [...] owns a URL. 
In the 2.0 specs, such explicit statements have been removed, probably 
due to some other non-URI identitfiers.

If an OpenID relying party goes to my (FOAF) identity URI 
<http://quasthoffs.de/matthias> with Accept: application/xrds+xml, it 
will be served an XRDS document containing a link to what I would say is 
my OpenID account 
<https://openid.hpi.uni-potsdam.de/user/Matthias.Quasthoff>.

I understand that I shouldn't say
> ex:me foaf:holdsAccount ex:me

But saying foaf:openid is a sub-property of foaf:isPrimaryTopicOf and 
saying the foaf:openid leads to a foaf:Document does not seem justified, 
because, yes, there are accounts for OpenID (this https://openid.hpi... 
thing for me), but I don't see a point for limiting these delegation URIs.

Best,
Matthias




In OpenID it is explicitly encouraged to embed this delegate URI (what I 
think is the account URI) into arbitrary Web sites, such as a blog or 
whatever. Why should it be ok to delegate my OpenID account to my blog's 
URL but not to my identity URI?




[1] http://openid.net/specs/openid-authentication-1_1.html
Received on Thursday, 28 January 2010 12:32:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:48:05 UTC