"This is user's URI" for Assertion Quality Extension
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Sep 5 08:15:17 UTC 2008
>What's the use-case?
If the RP doesn't care about distinguishing between users that have
accounts at a site but identify themselves as such anonymously, it
can reclassify them as "users that have accounts at a site",
consolidating what could be a large number of identities into a
single account. (This is largely a convenience for the Relying
Parties, reducing database clutter but perhaps the performance hit
wouldn't be noticed anyway?)
RP's may want to discriminate between users that use a "real" URI and
those that only use OpenID anonymously, just as users may want to
experiment with new sites using a unique (randomly generated) URI
that can't be associated with their accounts elsewhere, and then use
their main URI if they decide they like the RP's services. (I'm
hoping that others here will volunteer their own specific use-cases
or what they *could* do with such information were it asserted by an
OP.)
One form of discrimination could be encouraging users to have a
"real" URI by giving them more features - reward them for adapting to
the Web 2.0 model and using their OpenID around the web. Another
could be swifter expiration of new accounts under the presumption
that new users who use an anonymous URI are just experimenting with
the service (this would be both a performance convenience for RP's as
described above, and a complement of the encouragement more
immediately above, instead *dis*-couraging users from using an
anonymous URI for long-term use). (Since a user could still create
multiple accounts on one or more sites and use each of them as a
"real" URI; such discrimination wouldn't reduce the user's ability to
compartmentalize their identity and maintain privacy.)
-Shade
More information about the specs
mailing list