More use cases
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Sep 28 16:53:25 UTC 2006
I was asked to forward the following use cases/requirements with me
playing the anonymizer service, presumably for political reasons ;-)
These are paraphrased ...

1) An Attribute Provider (AP) makes an assertion about some user to
an Attribute Receiver (AR) (typically an IdP and an RP). The
assertion is conveyed with the user in the loop. However, the device
that the user is using to be in the loop is not trusted. For example,
the device may alter information in transit (add, remove, change).
Or, it may leak information in transit (e.g. post my identity details
to Usenet).

Can OpenID be used to address these requirements? If yes: how? If
not: could OpenID be modified somehow to address these requirements?

[Johannes comment: in the age of compromised PCs everywhere, this is
an interesting question. I'm not sure we can answer it. But it sure
would be useful if we could say "we can do this".]

2) May a single Persona have multiple attribute exchange services?
Are there any constraints on those services? For example, what
happens if there are three, and all three return a different date of
birth for the same persona? But then, having more than one would be
very advantageous if their scope was non-overlapping: say, one has
personal identity data, another work identity data etc.

[Johannes comment: my suggestion would be to build an "aggregation"
service and declare that one instead, where the aggregation service
delegates to, and resolves conflicts between the underlying data.]

Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
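
The aggregation service suggested in the comment on use case 2, sketched as an added example that is not part of the original message or of any OpenID specification. The source names, attribute names, sample values and the "authoritative scope" conflict policy are assumptions made for illustration.

```python
from collections import defaultdict

class Conflict(Exception):
    """Sources disagree and no authoritative source settles the value."""

def aggregate(sources, wanted):
    """sources: list of (name, authoritative_attrs, fetch); fetch() -> dict.
    Returns {attr: (value, [names of sources the value was taken from])}."""
    seen = defaultdict(dict)    # attr -> {source name: value}
    owners = defaultdict(list)  # attr -> sources declaring it in their scope
    for name, scope, fetch in sources:
        for attr, value in fetch().items():
            if attr not in wanted:
                continue        # release only what the receiver asked for
            seen[attr][name] = value
            if attr in scope:
                owners[attr].append(name)
    result = {}
    for attr, by_source in seen.items():
        if len(set(by_source.values())) == 1:
            # Every source that answered agrees: no conflict to resolve.
            result[attr] = (next(iter(by_source.values())), sorted(by_source))
            continue
        # Disagreement: accept only what the in-scope sources agree on.
        owner_values = {by_source[o] for o in owners[attr]}
        if len(owner_values) != 1:
            raise Conflict(f"{attr}: {dict(by_source)}")  # fail closed
        result[attr] = (owner_values.pop(), sorted(owners[attr]))
    return result

# Constructed sample services: three different dates of birth, as in use case 2.
PERSONAL = ("personal", {"dob", "home_email"},
            lambda: {"dob": "1970-01-01", "home_email": "j@home.example"})
WORK = ("work", {"work_email"},
        lambda: {"dob": "1970-01-02", "work_email": "j@corp.example"})
OTHER = ("other", set(), lambda: {"dob": "1971-01-01"})

if __name__ == "__main__":
    print(aggregate([PERSONAL, WORK, OTHER], {"dob", "work_email"}))
    try:
        aggregate([WORK, OTHER], {"dob"})   # nobody is authoritative for dob
    except Conflict as exc:
        print("conflict:", exc)
```

Failing closed on an unresolved conflict keeps the aggregator from silently picking one of several dates of birth, and the returned source list lets the receiver see where each value came from.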