"This is user's URI" for Assertion Quality Extension
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Sep 5 19:00:27 UTC 2008
>All of your use-cases here seem to be to do with the RP somehow
>discriminating against users that have a flag set.
There's a new use-case type in my reply to Paul Madsen.
By the way, I'm concerned about your phrasing there. By saying that
the RP "discriminates *against*" such users, it implies that the only
difference users will see is a negative. This is most definitely NOT
the case, since less database clutter will result in faster lookup
times for ALL users (though, again, I do not know if such speed
differences would be discernible by anyone in real-time).
>With that in mind, what's the incentive for the OP to actually set the flag?
What service would it provide to their users?
Apart from the new use-case referenced above, it's a way for the OP
to ensure that RP's treat the real OpenID's *as* real. I suppose I
could detect Directed Identity and say "Please don't do this, enter
your actual URI instead.", but then the user *can't* use an anonymous
ID (without at least one more click if I let them resume as usual),
and if they've become accustomed to Directed Identity (or never
learned how to enter their URI!), it'll interrupt the flow for them.
(Kind of like the situation we have now, where users gleefully charge
out to use their OpenID's and then say "Hey wait, where's my login
screen for OpenID?" because there aren't many sites which "support
OpenID" but trust anyone else's OP.) This would only be a reactive
measure, though, for RP's refusing to treat Directed Identity as a
*real* Identity.
How much of the "RP's trusting OP's" issue is a reluctance to embrace
the web 2.0 model of user-centric identity? Could the OP offer its
users "increased acceptance at [such] RP's" by marketing to those
RP's that an "anonymous" URI marks a unique user:OP:RP relationship
that identifies the user as one of that site's human assets (not an
entity unto themselves) and merely provides a way of distinguishing
them from other human assets currently held by the site?
-Shade
More information about the specs
mailing list