EssenceOfLID
From LID Wiki
LID consists of only four basic ideas.
Use URLs to identify Person(a)s
The most fundamental idea behind LID is to use URLs to identify people, or more precisely, Personas. That way, people (and their digital identities):
- can be found on the internet using search engines such as Google
- can be bookmarked
- can be pointed to from a web page
- can be tagged using del.icio.us or similar services
- can be printed on a business card
and many other uses.
This very simple idea has since been taken up by other projects such as OpenID and Yadis, and appears to enjoy broad support among internet users.
For example:
http://lid.netmesh.org/liddemouser/
identifies a (hypothetical) person called Mr. LID Demo User. That makes this URL a Personal LID.
However, LID is not limited to identifying humans; it can equally well identify organizations, web resources (pages, scripts, ...), things or software agents, in which case the LID URL is an Entity LID.
Support queries on the LID URL
LID URLs support queries by which a user can obtain information about the owner of the LID URL. How much or how little information the LID URL owner reveals is up to them, but the way of accessing it is always the same.
For example:
http://lid.netmesh.org/liddemouser/?xpath=/VCARD/FN
obtains the full name of the owner of the LID URL, if the owner wanted to reveal that information and decided to support the LID 2.0 VCard Profile.
Since LID started supporting Yadis, a LID URL may delegate queries to alternate service URLs, an idea that originally appeared in OpenID. Using this delegation mechanism, the owner of a blog, for example, can turn their blog URL into a full LID URL simply by adding the Yadis X-XRDS-Location tag to their HTML markup (see Yadis).
Allow commands on the LID URL
In order to support functionality such as single sign-on, message authentication etc., LID URLs understand a certain number of commands.
For example,
http://lid.netmesh.org/liddemouser/?lid-action=sso-approve&lid-target=http://example.com/
indicates that a 3rd-party site (here: http://example.com/) would like to obtain confirmation that the current browser session is indeed owned by the owner of the LID URL.
Since LID started supporting Yadis, a LID URL may delegate commands to alternate service URLs, an idea that originally appeared in OpenID. Using this delegation mechanism, the owner of a blog, for example, can turn their blog URL into a full LID URL simply by adding the Yadis X-XRDS-Location tag to their HTML markup (see Yadis).
Sign URL requests with requestor's identity
In order to prevent 3rd parties from impersonating the owner of a LID URL, LID requests can be digitally signed.
For example, the request
http://lid.netmesh.org/liddemouser/?...&lid=...&lid-credtype=...&lid-credential=...
also carries information about who performed the request (the lid parameter), what type of credential they provided (lid-credtype) and the actual credential (lid-credential), such as an electronic signature of the request.
Since OpenID is also supported as an authentication protocol, the electronic signature function can also be performed by OpenID.
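As an added illustration of the signed-request idea (this is example code, not LID's own implementation): a relying party checks that a command such as the sso-approve request above carries a lid, lid-credtype and lid-credential, and that the credential covers every other query parameter, so an altered lid-target or a missing credential is rejected. The credential type name "hmac-sha256" and the pre-shared secret per requestor LID are assumptions for the example; the page does not specify which credential types LID defines.

```python
import hmac
import hashlib
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Hypothetical lid-credtype value; the real LID credential types are not given here.
CREDTYPE = "hmac-sha256"

# Constructed secrets shared between a requestor (identified by its LID URL)
# and the relying party. Demo data only.
SHARED_SECRETS = {
    "http://example.com/": b"constructed-demo-secret",
}


def canonical_string(url):
    """Everything the credential covers: the LID URL being addressed plus
    every query parameter except lid-credential itself, in sorted order."""
    parts = urlsplit(url)
    params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k != "lid-credential"]
    base = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return base + "?" + urlencode(sorted(params))


def sign_request(url, requestor_lid, secret):
    """Append lid, lid-credtype and lid-credential to an unsigned LID request."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += [("lid", requestor_lid), ("lid-credtype", CREDTYPE)]
    unsigned = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), ""))
    mac = hmac.new(secret, canonical_string(unsigned).encode(), hashlib.sha256).hexdigest()
    return unsigned + "&" + urlencode({"lid-credential": mac})


def verify_request(url, secrets=SHARED_SECRETS):
    """True only if the request carries a valid credential for the lid it
    claims. Unknown requestors, unknown credential types, missing credentials
    and parameters altered after signing all fail."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    requestor = params.get("lid")
    if requestor not in secrets or params.get("lid-credtype") != CREDTYPE:
        return False
    expected = hmac.new(secrets[requestor], canonical_string(url).encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison so the check reveals nothing about the expected value.
    return hmac.compare_digest(expected, params.get("lid-credential", ""))
```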
That's all there is to the architecture. Simple, right? ;-)
![[LID enabled]](http://lid.netmesh.org/images/lid-relying-party-anonymous.gif)

