Terminology open issue #1: IdP vs OP
Drummond Reed
drummond.reed at cordance.net
Tue Nov 21 07:10:53 UTC 2006
Dick, I have been torn on this one. I try not to change positions on an
issue without good reason. Eve's explanation of the full SAML meaning of IdP
was what swayed me.
That said, my original argument was that OpenID Provider was clearly a
"specialization" of Identity Provider that would be clearly recognizable to
people familiar with the latter term, and I still believe that's true.
Since the latest version of the pre-draft 11 spec uses the term OP, I
updated the Terminology wiki page to use it, and changed the open issue to
whether to switch back to IdP or not.
On that I defer to the editors and the rest of the community.
Opinions on the other terminology open issues?
http://openid.net/wiki/index.php/Terminology
=Drummond
-----Original Message-----
From: Dick Hardt [mailto:dick at sxip.com]
Sent: Monday, November 20, 2006 9:10 PM
To: Drummond Reed
Cc: specs at openid.net
Subject: Re: Terminology open issue #1: IdP vs OP
Drummond, you have sold out! ;-)
Your bias at http://openid.net/wiki/index.php/Terminology is showing at:
IdP vs. OP
It has been suggested that the specs use the term '''OpenID Provider
(OP)''' instead of '''Identity Provider (IdP)'''. However this would
diverge from the widely-accepted use of IdP in the SAML, Liberty, and
CardSpace communities.
Actually, CardSpace also uses Identity Selector and STS.
IdP is a term in federation deployments. Given the user-centric
architecture of OpenID, I think a different name is good, and *your*
argument that the server is not providing any *identity* I think is
still a great argument!
-- Dick
On 20-Nov-06, at 12:01 PM, Drummond Reed wrote:
> To tear into the meat of the terminology open issues at
> http://openid.net/wiki/index.php/Terminology, the first issue has already
> received quite a bit of discussion: switching from Identity
> Provider (IdP) to OpenID Provider (OP).
>
>
>
> I was originally a supporter of this change, because I had always
> felt Identity Provider was somewhat of a misnomer, particularly
> when it came to a system like OpenID where the IdP was generally
> NOT the source of your identifier.
>
>
>
> However Eve Maler (co-chair of the OASIS SSTC that did SAML and
> co-editor of the SAML Glossary) made this point in an earlier post:
>
>
>
> <quote>
>
>
>
> Just to be clear, "identity provider" in SAML isn't intended to
> mean that this system entity is providing an identity to a digital
> subject -- it means that this system entity is providing identity
> information (specifically verification/authentication info) to a
> relying party/service provider.
>
>
>
> From the SAML glossary (now in HTML...):
>
>
>
> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#IdentityProvider
>
>
>
> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#RelyingParty
>
>
>
> Often, but not always, a SAML authentication authority also serves
> as an attribute authority:
>
>
>
> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#AttributeAuthority
>
>
>
> <endquote>
>
>
>
> For this reason, I have reversed my position and now feel that it
> would not benefit the OpenID community to use a different term than
> that already well-established by SAML.
>
>
>
> -1 to making this change.
>
>
>
> =Drummond