Consolidated Delegate Proposal
Josh Hoyt
josh at janrain.com
Tue Oct 10 17:23:12 UTC 2006
On 10/10/06, Dick Hardt <dick at sxip.com> wrote:
> I am really unclear on why do we need both openid.identity and
> openid.rpuserid?
RP user id is the identifier by which the relying party knows the
user. "openid.identity" is the IdP user id. The IdP user id is the
"delegate" if one is present, or the same as the RP user id if it is
not. This is consistent with its current usage.
Having this field allows IdP-driven identifier selection to return an
assertion that works with a delegated identifier, since the IdP can
specify the RP user id that the user wants.
It also allows the IdP to e.g. make persona selections based on the
way that the user identified himself to the RP.
Does that help?
Josh
More information about the specs
mailing list