Shibboleth Developers

["Cantor, Scott E." <>]

> Like DNS, with XRI, organizations control their own namespace. So when I
> registered
>    @gluu, my organization's i-number is : @!DA85!5F98!95A1!CA3B
> 
> I can extend this namespace as I see fit, for example:
>    @gluu*mike = @!DA85!5F98!95A1!CA3B!ABCD

You can do all that with URIs, because you don't have to store the registry 
itself in DNS. It's parently obvious that you can do this because XRIs can be 
expressed as URIs.
 
> A better naming system would have a myriad uses. How can two people
> exchange data? How can you lookup organizational data? How can you
> reference global groups? It would also provide an easy solution for
> SP-initiated authentication (right now you can't do a lookup on a person,
> so we are thinking of all the crazy work-arounds). Really, the benefits of
> being able to globally name things are too numerous to list.

Yes, but global names impact privacy. That's off-topic for the question of 
pairwise identifiers.

I also don't see how it fixes the problems of referencing people, because 
people will not accept identification using them. They didn't accept URIs as 
personal identifiers and they won't accept XRIs any better. For better or 
worse, email addresses are the only game in town right now. And the fact that 
Google and the other large properties have cornered the market on how users 
self-identify with email is a serious problem for federation and discovery.

But it would be a mistake to try and convince people to accept something 
perceived as complicated as a replacement.

> The Internet architects created a Internet scale naming system to replace
> the hosts file, but they didn't see the name to create an Internet scale
> /etc/passwd file. XRI answers this finally.

Email has already staked that territory out, for better or worse.

-- Scott