[OpenID] [foaf-dev] Can OpenID identify a person

Dan Brickley danbri at danbri.org
Thu Jun 7 20:50:46 BST 2007


Peter Williams wrote:
>>> Some SemWeb people (notably TimBL) take care to have a "non-Document"
>>> URI for themselves, distinct from their homepages. eg.
>>> http://example.org/foaf#memyself  ... but I don't know any usage of
>>> these as OpenID URIs. In fact I don't know if an OpenID can have a
>>> #hashblahblah section, or how that interacts with common OpenID tools,
>>> services and practice.
> 
>  
>> This is impossible, because # defines a section of the 
>> document that is chosen locally and there can be only one 
>> declaration of an OpenID per document.
> 
> 
> Can we go through this more carefully, please?
> 
> My understanding was, that the user-centric URI is selected entirely by
> the individual, who "controls" it. (a) it must be valid URI syntax; no
> other constraints are specified (b) it may or may not have a
> globally-resolvable domain-name component. If one wants "100% control"
> over the URI and its portability, one does not use a domain name
> CONTROLLED BY a domain name registrar. The same control dynamics also
> apply to the XRI variant OpenIDs.

w.r.t. XRI, same presumably goes for uuid:, urn: and various other 
non-http: URI schemes? Is there any reason to consider XRIs somehow 
apart from the general URI model? Aside from their policy or technical 
attractiveness, I mean: can non XRI experts treat XRIs as "just" a URI 
scheme? At least in the context of RDF / OpenID discussions? I guess 
it's time I read up on XRIs...


> My understanding was also:- To identify the OP instance(s) "managing"
> your URI/XRI (for this month), the URI must be the basis for the normal
> openid Consumer lookup - to locate the OP servers' address/URLs. How
> globally resolvable that location service shall be...is a function of
> the resolvability of the OpenID URI name. 

Yup, makes sense to me. On the Web in general, dereferencing is a 
privilege not a right. It is a very useful privilege though :)

> Nothing however requires the Consumer to use a global resolution service
> (based on public domain names and public XRI resolvers, probably), nor
> for the OpenID to be globally resolvable. One could be in a private
> OpenID management domain, where local knowledge is required by the
> OpenID Consumer ...to complete username->svcprovideraddr resolution.

An RDF notation for this information might be one useful way for 
exchanging that local knowledge (eg. via SPARQL queries
http://www.w3.org/TR/rdf-sparql-query/
http://www.w3.org/TR/rdf-sparql-protocol/
http://www.w3.org/TR/rdf-sparql-json-res/ ).

> My understanding of XRDS was:- XRDS service-locator element in the
> simple XML file are intended to help out in the above, for both the
> public and the n private management domains where a URI/XRI are being
> "managed." However, the XRDS document is at most non-authoritative,
> being insecurely transferred. It's a "hint" process.

From what you say, ... my understanding of the constraints on a FOAF (or 
perhaps other RDF) representation of OpenID include:

  * that we should be careful *not* to assume http: URIs are always used
  * or that de-referencable via public infrastructure is the only
    deployment mode for OpenID
  * or that all OpenIDs can be considered identifiers of documents and
    only indirectly, of people

I think this is consistent with a new foaf:openid property in FOAF that 
has a domain of foaf:Agent and range of foaf:Document. It would:

  * allow the document to be identified by any URI scheme (standard
    practice in RDF)
  * not imply complete coverage: there might be uses of OpenID it
    doesn't fit
  * not describe all the intimate details of delegation, resolution etc
  * not imply that all OpenIDs identify people; it would imply however
    that anything with a foaf:openid is an "Agent" (a pretty broad
    category), and remain agnostic about whether there were other cases.

I'm not 100% convinced about defining the range of foaf:openid as 
Document, but from what I hear, it sounds like it would cover current 
deployed practice. For non RDF-heads, the "range" of a property is the 
class of things that you can expect as values of the property (while 
"domain" is the class of thing the property is applied to). The nice 
diagram in the old MCF spec explains it quite visually, see
http://www.textuality.com/mcf/NOTE-MCF-XML.html#sec2. (MCF is an ancient 
ancestor of RSS/Atom).



A question about the spec ...
In http://openid.net/specs/openid-authentication-1_1.html

"An Identifier is just a URL. The whole flow of the OpenID 
Authentication protocol is about proving that an End User is, owns, a URL."

Here we have both "is" and "owns", but later

"Verified Identifier:
     An Identifier that the End User has proven to a Consumer that they 
own."

Is ownership the dominant concept?

I can be said to "own" http://danbri.org/ and there are ways to verify 
that. Whereas whether I "am" that same thing in some verifiable and 
non-metaphorical sense feels a bit too philosophical a question.

What I take away from reading that spec is a reasonably close fit to
http://www.w3.org/TR/webarch/#indirect-identification in the Web 
Architecture, ie. that this is a case of indirect identification via an 
intermediary document (in my case, my homepage).

Are there members of the openID community who will insist that OpenID 
URIs really are direct identifiers (in the sense of 
http://tools.ietf.org/html/rfc3986) for flesh and blood people? If 
that's the design, we should take care not to step on toes when 
reflecting it into RDF/FOAF...

cheers,

Dan


