[OpenID] OpenID 2.1 clarification on use of LocalID

Peter Williams pwilliams at rapattoni.com
Sat Apr 11 16:55:54 UTC 2009


Could we imagine pleasant, cooperative hook up now between the world of saml2 and openid - at least over discovery? Im no so sure, if I answer my own question.

There do seem to be interworking limits concerning what SAML2 specifies. We already enabled our Federation Portal (a B2B OP, essentially) to cooperate the "4th party" discovery service - and it all works fine (with the same vendor's software stack for RPs.) I'm not convinced that I could substitute the vendor's discovery server with that from Sun, tho; or SUN's opensso servers acting for RPs can cooperate with the discovery server from my vendor.  This is despite both vendors doing the same "idp discovery" profile of SAML2.

As one could probably guess, I have little interest in endorsing some cabal of giant telco-like middleware companies getting into the business of running a common discovery server/service for all people (using XRI). That would essentially be "X.500 reborn", with the bits used being swapped from those specified by ISO to those specified by OASIS. What we want is a middle ground in the world of XRI that enables users in private management domains (communities of trust, in web speak) to share their discovery points with their peers - perhaps leveraging 2-stage discovery architectures used in the highly scalable sparse mode PIM routing protocols - where well known boostrapping servers facilitate the learning of the COT-based discovery endpoints.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Santosh Rajan
> Sent: Saturday, April 11, 2009 2:01 AM
> To: general at openid.net
> Subject: Re: [OpenID] OpenID 2.1 clarification on use of LocalID
> A fourth party an RP can contact. It just needs cookie setting and
> reporting
> on the part of the fourth party.
> SitG Admin wrote:
> >
> >>Maybe we just need one extra step in OpenID spec, where a user can
> specify
> >>his "preferred OP" at a centralized location when he comes into any
> RP the
> >>first time?
> >
> > Can you clarify what you mean by "a centralized location" here?
> >
> > Would it be the centre of all user-space, i.e. a 4th party the RP's
> > contact, or would it be the centre of all interactions *per user*,
> > i.e. an OP that intelligently recognizes when to redirect to others?
> >
> > -Shade
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> >
> >
> --
> View this message in context: http://www.nabble.com/OpenID-2.1-
> clarification-on-use-of-LocalID-tp22977099p22999268.html
> Sent from the OpenID - General mailing list archive at Nabble.com.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list