Consolidated Delegate Proposal

Josh Hoyt josh at janrain.com
Tue Oct 10 17:23:12 UTC 2006


On 10/10/06, Dick Hardt <dick at sxip.com> wrote:
> I am really unclear on why do we need both openid.identity and
> openid.rpuserid?

RP user id is the identifier by which the relying party knows the
user. "openid.identity" is the IdP user id. The IdP user id is the
"delegate" if one is present, or the same as the RP user id if it is
not. This is consistent with its current usage.

Having this field allows IdP-driven identifier selection to return an
assertion that works with a delegated identifier, since the IdP can
specify the RP user id that the user wants.

It also allows the IdP to e.g. make persona selections based on the
way that the user identified himself to the RP.

Does that help?

Josh
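
The field relationship described in this message, as an added Python example that is not part of the original email or of any OpenID library. The `DISCOVERY` table, the URLs and the function names are constructed for illustration, and the relying-party consistency check is an assumption about how an RP would use the two fields, not something the message specifies.

```python
# Constructed sample data: what an RP is assumed to learn by running
# discovery on each RP user id (all URLs are hypothetical).
DISCOVERY = {
    # Vanity URL that delegates to an account at the IdP.
    "https://alice.example.org/": {
        "idp": "https://idp.example.com/server",
        "delegate": "https://idp.example.com/users/alice",
    },
    # Identifier hosted directly at the IdP, no delegate.
    "https://idp.example.com/users/bob": {
        "idp": "https://idp.example.com/server",
        "delegate": None,
    },
}

def idp_user_id(rp_user_id, delegate):
    """openid.identity is the delegate if present, else the RP user id."""
    return delegate if delegate else rp_user_id

def build_request(rp_user_id):
    """Fields an RP would send for an identifier the user typed in."""
    info = DISCOVERY[rp_user_id]
    return {
        "openid.rpuserid": rp_user_id,
        "openid.identity": idp_user_id(rp_user_id, info["delegate"]),
    }

def response_is_consistent(response, idp_endpoint):
    """Assumed RP-side check for IdP-driven identifier selection.

    The IdP chose openid.rpuserid, so the RP looks that identifier up
    itself and accepts the pair only if it points at this IdP and maps
    to the openid.identity the IdP asserted.
    """
    rp_id = response.get("openid.rpuserid")
    info = DISCOVERY.get(rp_id)
    if info is None or info["idp"] != idp_endpoint:
        return False
    expected = idp_user_id(rp_id, info["delegate"])
    return response.get("openid.identity") == expected
```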


