
shibboleth-dev - RE: [Shib-Dev] [IdPv3] Clustering & Data Storage

Subject: Shibboleth Developers

  • From: "Cantor, Scott E." <>
  • To: "" <>
  • Cc: Drummond Reed <>
  • Subject: RE: [Shib-Dev] [IdPv3] Clustering & Data Storage
  • Date: Wed, 2 Mar 2011 15:30:44 +0000
  • Accept-language: en-US

> Like DNS, with XRI, organizations control their own namespace. So when I
> registered @gluu, my organization's i-number is: @!DA85!5F98!95A1!CA3B
>
> I can extend this namespace as I see fit, for example:
> @gluu*mike = @!DA85!5F98!95A1!CA3B!ABCD

You can do all that with URIs, because you don't have to store the registry
itself in DNS. It's patently obvious that you can do this because XRIs can be
expressed as URIs.

> A better naming system would have a myriad uses. How can two people
> exchange data? How can you lookup organizational data? How can you
> reference global groups? It would also provide an easy solution for
> SP-initiated authentication (right now you can't do a lookup on a person,
> so we are thinking of all the crazy work-arounds). Really, the benefits of
> being able to globally name things are too numerous to list.

Yes, but global names impact privacy. That's off-topic for the question of
pairwise identifiers.

I also don't see how it fixes the problems of referencing people, because
people will not accept identification using them. They didn't accept URIs as
personal identifiers and they won't accept XRIs any better. For better or
worse, email addresses are the only game in town right now. And the fact that
Google and the other large properties have cornered the market on how users
self-identify with email is a serious problem for federation and discovery.

But it would be a mistake to try and convince people to accept something
perceived as complicated as a replacement.

> The Internet architects created an Internet scale naming system to replace
> the hosts file, but they didn't see the need to create an Internet scale
> /etc/passwd file. XRI answers this finally.

Email has already staked that territory out, for better or worse.

-- Scott



