"This is user's URI" for Assertion Quality Extension

SitG Admin sysadmin at shadowsinthegarden.com
Fri Sep 5 19:00:27 UTC 2008


>All of your use-cases here seem to be to do with the RP somehow 
>discriminating against users that have a flag set.

There's a new use-case type in my reply to Paul Madsen.

By the way, I'm concerned about your phrasing there. By saying that 
the RP "discriminates *against*" such users, it implies that the only 
difference users will see is a negative. This is most definitely NOT 
the case, since less database clutter will result in faster lookup 
times for ALL users (though, again, I do not know if such speed 
differences would be discernible by anyone in real-time).

>With that in mind, what's the incentive for the OP to actually set the flag?

What service would it provide to their users?

Apart from the new use-case referenced above, it's a way for the OP 
to ensure that RP's treat the real OpenID's *as* real. I suppose I 
could detect Directed Identity and say "Please don't do this, enter 
your actual URI instead.", but then the user *can't* use an anonymous 
ID (without at least one more click if I let them resume as usual), 
and if they've become accustomed to Directed Identity (or never 
learned how to enter their URI!), it'll interrupt the flow for them. 
(Kind of like the situation we have now, where users gleefully charge 
out to use their OpenID's and then say "Hey wait, where's my login 
screen for OpenID?" because there aren't many sites which "support 
OpenID" but trust anyone else's OP.) This would only be a reactive 
measure, though, for RP's refusing to treat Directed Identity as a 
*real* Identity.

How much of the "RP's trusting OP's" issue is a reluctance to embrace 
the web 2.0 model of user-centric identity? Could the OP offer its 
users "increased acceptance at [such] RP's" by marketing to those 
RP's that an "anonymous" URI marks a unique user:OP:RP relationship 
that identifies the user as one of that site's human assets (not an 
entity unto themselves) and merely provides a way of distinguishing 
them from other human assets currently held by the site?

-Shade


