Essence of LID
LID consists of only four basic ideas:
Use URLs to identify People
The most fundamental idea behind LID is to use URLs to identify people, or more precisely, Personas. That way, people (and their digital identities):
- can be found on the internet using search engines such as Google
- can be bookmarked
- can be pointed to from a web page
- can be tagged using del.icio.us or similar services
- can be printed on a business card
and many other uses.
However, LID is not limited to identifying humans; equally well it can identify organizations, web resources (pages, scripts ...), things or software agents, in which case the LID URL is an Entity LID.
Support queries on the LID URL
LID URLs support queries by which a user can obtain information about the owner of the LID URL. How much or how little information the LID URL owner reveals is up to them, but the way of accessing it is always the same.
obtains the full name of the owner of the LID URL, if the owner wanted to reveal that information and decided to support the LID 2.0 VCard Profile.
Allow commands on the LID URL
In order to support functionality such as single-sign-on, message authentication etc., LID URLs understand a certain number of commands.
indicates that a 3rd-party site (here: http://example.net/) would like to obtain confirmation that the current browser session is indeed owned by the owner of the LID URL.
Since LID started supporting Yadis, the LID URL may delegate commands to alternate service URLs, an idea that originally appeared in OpenID. Using this delegation mechanism, the owner of a blog, for example, can turn their blog URL into a full LID URL simply by adding the Yadis X-XRDS-Location tag to their HTML markup.
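A site that follows this delegation has to read the X-XRDS-Location tag out of the page at the LID URL. The sketch below is an added example, not code from the original page or from the LID or Yadis projects; it honours the tag only inside `<head>`, so markup injected into the page body (a blog comment, for instance) cannot redirect the identity. The function name, the sample markup and the no-downgrade policy are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class XrdsMetaFinder(HTMLParser):
    """Collect X-XRDS-Location meta tags, but only those inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_seen = False
        self.locations = []

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_seen:
            self.in_head = self.head_seen = True
        elif tag == "body":
            self.in_head, self.head_seen = False, True  # a later <head> is ignored
        elif tag == "meta" and self.in_head:
            a = {k: (v or "") for k, v in attrs}
            if a.get("http-equiv", "").lower() == "x-xrds-location":
                self.locations.append(a.get("content", "").strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def xrds_location(lid_url, html):
    """Return the delegated XRDS URL for lid_url, or None if it cannot be trusted."""
    finder = XrdsMetaFinder()
    finder.feed(html)
    finder.close()
    if len(set(finder.locations)) != 1:  # none, or conflicting tags
        return None
    target = urlsplit(finder.locations[0])
    if target.scheme not in ("http", "https") or not target.netloc:
        return None  # rejects relative, javascript:, data: and similar values
    # Policy choice (assumption): an https identity never delegates to http.
    if urlsplit(lid_url).scheme == "https" and target.scheme != "https":
        return None
    return target.geturl()


# Constructed sample pages, not taken from any real site.
GOOD = ('<html><head><title>Blog</title><meta http-equiv="X-XRDS-Location" '
        'content="https://id.example.org/xrds"></head><body>post</body></html>')
INJECTED = ('<html><head><title>Blog</title></head><body><p>comment</p>'
            '<meta http-equiv="X-XRDS-Location" '
            'content="https://other.example.net/xrds"></body></html>')
DOWNGRADE = GOOD.replace("https://id", "http://id")
```
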
Sign URL requests with requestor's identity
In order to prevent 3rd parties from impersonating the owner of a LID URL, LID requests can be digitally signed.
For example, the request
also carries information about who performed the request (the lid parameter), what type of credential they provided (lid-credtype) and the actual credential (lid-credential), such as an electronic signature of the request.
Since OpenID is also supported as an authentication protocol, the electronic signature function can also be performed by OpenID.