In Identity Loss with OpenID 2.0, I have depicted the problem of the current spec. and shown a possible solution verbally. Now, I am presenting it graphically, and with more details.
Then, in OpenID Authentication 2.0,
Final identifier of the user is issued by AN.
This is a source of various problem as I have written in the past.
We can try to separate them out and have the DS issue the final identifier. Here is the sequence diagram for such a case, for user specified user identifier, where
Case 1: User Specified Identifier
USID:=User Specified ID
RPSig:=RP’s Signature over the message
PPID:=Pairwise Pseudonymous ID
CoreID:=Permanent ID of the user, Canonical ID
Note: Here, I have used PPID, but it could as well be a conventional permanent ID.
Case 2: OP Identifier (identifier_select)
For the case of identifier_select, it would be preceded by:
(fig.2) OP Identifier Case
Replace PPID here with USID in (fig.1) and the rest follows.
FYI, the user’s XRD that is returned from DS would look like this:
<xrd> <subject>example.com/ppid/132435</subject> <link> <rel>http://example.openid.net/an/1.0</rel> <url>https://myop.com/</url> <ds :KeyInfo> .... </ds> </link> <ds :Signature> .... </ds> </xrd>
In the above sequence diagram, there are two XRDs involved: i.e., User XRD, and the AN’s XRD. The authentication endpoint is not written in the user’s XRD. It just has the link to the Authentication Provider and the concrete end point must be obtained from the AN’s XRD.
There are some security features involved here as well.
First, the user’s XRD is signed. Who should sign this XRD is still an open question. It may be application specific. For the interest of privacy, in the above case, I think it should use example.com’s certificate.
You should also note XRD/Link/ds:KeyInfo.
It has a list of public keys in it.
It says that the XRD of the AN must be signed by the private key corresponding to one of the public key in the list. This makes sure that the AN is the service that this user has intended to use.