[OpenID] foaf and openid

Peter Williams pwilliams at rapattoni.com
Mon Jul 23 04:16:39 UTC 2007


If this rewrite is even half accurate, the FOAF-centric RDF locator function and the follow-up SPARQL query on the RDF document by the OP Consumer would play a similar added-value to that played by OpenID Exchange.


The other angle on RDF that is interesting, irrespective of FOAF, comes down to the role of an OP when issuing authorization assertions -- versus mere identity claims or attribute statements.
 
If I get the Bandit stuff right, an XACML engine can be querying the RDF, and thus an OP applying XACML-driven Policy Enforcement Point rules can be playing much the same role as an "authorization STS" plays in the ws-federation/cardspace model.
 
IBM's famous use case of medical work is worth revisiting, for context. It countenances a worldview in which STS/OP agents and the endpoints using a ws-federation binding ping each other, looking for the necessary tokens. One token proves the medic is identified as licensed. Another proves the medic is actually accountable and "on duty", at an accredited hospital. Another has your personal doctor release your critical medical data held only by a second accredited hospital in an emergency, given you nominated him/her to authorize the release of such data in case of... as has happened... you are unconscious in the emergency room needing treatment, and incapable of giving consent directly.
 
The last case of token issuing is an act of authorization - enforcing a release policy - a little like OPs do in OpenID exchange. However, the RULES for release can be expressed in XACML and registered in the metadata triples of an RDF resource, if I get things 10% correct in my increasingly enfeebled brain. The prolog-like reasoning power of RDF with a schema of authorization rules in XACML applied to a release policy of an OP surely makes structured OP interactions a reality for OpenID protocols... just as much as they do for ws-federation/ws-trust/Cardspace.
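The "FOAF-centric RDF locator function" the post speculates about, as an added example that is not part of the original message: a consumer (relying party) reads a FOAF profile and pulls the foaf:openid pointer out of it, with the constructed sample document, the normalization rules and the scheme check being this example's own assumptions rather than anything from the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"

# Constructed sample FOAF profile (assumption for this example, not from the post).
SAMPLE_FOAF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person>
    <foaf:name>Alice Example</foaf:name>
    <foaf:openid rdf:resource="HTTPS://Alice.Example.org"/>
  </foaf:Person>
  <foaf:Person>
    <foaf:name>Mallory</foaf:name>
    <foaf:openid rdf:resource="javascript:alert(1)"/>
  </foaf:Person>
</rdf:RDF>
"""


def normalize_openid(url):
    """Normalize a claimed identifier the way an OpenID consumer does:
    lowercase scheme and host, default an empty path to '/', drop any
    fragment, and refuse anything that is not http(s). Returns None
    when the identifier is rejected."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))


def openids_in_foaf(rdf_xml):
    """Return {name: normalized openid} for every foaf:Person that carries
    a foaf:openid; a Person whose identifier fails the check maps to None.
    A FOAF document fetched from the network is untrusted input: in
    production parse it with defusedxml rather than the stdlib parser."""
    root = ET.fromstring(rdf_xml)
    found = {}
    for person in root.iter(f"{{{FOAF}}}Person"):
        name_el = person.find(f"{{{FOAF}}}name")
        oid_el = person.find(f"{{{FOAF}}}openid")
        if name_el is None or oid_el is None:
            continue
        claimed = oid_el.get(f"{{{RDF}}}resource", "")
        found[name_el.text] = normalize_openid(claimed)
    return found
```

The pointer obtained this way is only a locator: the consumer still has to run ordinary OpenID discovery and authentication against the returned identifier before treating it as the person's verified identity.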