[PROPOSAL] Separate Public Identifier from IdP Identifier

Josh Hoyt josh at janrain.com
Fri Oct 6 17:33:52 UTC 2006


On 10/6/06, Martin Atkins <mart at degeneration.co.uk> wrote:
> * The IdP returns a document naming its authentication endpoint (in the
> "URI" field) and a special anonymous token as openid:Token. openid:Token
> may be the same as the public identifier from the previous step, but
> this is not required.

Anonymous is not a good thing to call this. What IdP-driven identifier
selection does is let the IdP help the user choose an identifier. In
no way is the response any more anonymous than an identifier that was
typed in by the user.

It is true that one of the motivations for this feature is the great
improvement in the user experience for site-specific identifiers, but
the IdP could just as well return a cross-site identifier for the
user.

Sorry to go on about terminology, but I think it's important for
understanding what's really going on.

Josh


