Features for Future Versions
Chasen, Les
les.chasen at neustar.biz
Mon Apr 2 18:48:46 UTC 2007
I also agree with the feedback however I wanted to just pass along how I
am using authentication and authorization on a series of applications
that I am working on.
I have a couple of applications that use standard openid authentication
using XRDS documents but they also require the user to be authorized to
use particular resources. In most cases authorization can be
accomplished by profile data in a local database. In my case, though,
the authorization comes from data in a third party database. I could
have each application just write code via some API to the third party
data source but I also want to provide for this capability to be
federated to multiple trusted sources. I am therefore taking advantage
of the service end point selection capability described in the XRI
resolution spec at
http://www.oasis-open.org/committees/download.php/17293.
contact: =les
sip: =les/(+phone)
chat: =les/skype/chat
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf
> Of Drummond Reed
> Sent: Monday, April 02, 2007 2:26 PM
> To: 'Dick Hardt'; 'McGovern, James F ((HTSC, IT))'
> Cc: specs at openid.net
> Subject: RE: Features for Future Versions
>
> James,
>
> I agree with Dick's feedback. I don't believe OpenID, as an overall
> Internet
> identity framework, is subject to either limitation you asked about.
But
> we
> must work our way up into each of those areas of functionality.
>
> The more you can tell us about specific functions and use cases you'd
like
> to see supported, the better we can appraise what it will take to get
> there.
>
> =Drummond
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf
> Of Dick Hardt
> Sent: Monday, April 02, 2007 8:20 AM
> To: McGovern, James F ((HTSC, IT))
> Cc: specs at openid.net
> Subject: Re: Features for Future Versions
>
>
> On 2-Apr-07, at 8:09 AM, McGovern, James F ((HTSC, IT)) wrote:
>
> > I originally joined this list with the hopes of injecting support
> > for relationships, authorization and attestation into the
> > specification but have been somewhat disappointed. I do have the
> > following questions?
> >
> > 1. Will OpenID avoid incorporating features where identity
> > selectors such as Cardspace don't support the functionality?
> >
> > 2. Will OpenID always constrain itself to areas where traditional
> > PKI vendors have played (authentication) and avoid areas where PKI
> > can't tread (authorization)?
>
> Hi James
>
> Authentication and authorization are somewhat overloaded words and
> different people mean different things by them. I recall you sending
> out a link to a set of requirements you had helped create. The
> dynamics of this mailing list tend to support concise use case
> discussion rather delve into large documents. A concise use case of
> what you mean by Authorization may prove useful to guide the
> discussion and work.
>
> -- Dick
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list