[PROPOSAL] Separate Public Identifier from IdP Identifier
Martin Atkins
mart at degeneration.co.uk
Wed Oct 4 18:34:20 UTC 2006

Currently the conceptual model is that each user has a "public" (that
is, presented to RPs) identifier, but can optionally create additional
identifiers which "delegate" to the real identifier. The delegate
functionality has several purposes, including:

* "Vanity" identifiers on personal domains while letting someone else
  do the hard work in running the IdP.
* Ability to switch IdPs without losing identity

However, experience has shown that the above model is often difficult to
grasp for those new to OpenID. This proposal is really just a set of
terminology changes and an alternative conceptual model that aim to make
the delegate functionality easier to understand. It does not change the
mechanism of delegation at all, though it does change the discovery
protocol.

I've placed the full proposal on the OpenID wiki:
<http://www.lifewiki.net/openid/SeparateIdentifierFromIdPToken>