[OpenID] Where's the added value?

Johnny Bufu johnny at sxip.com
Wed Aug 29 18:04:05 UTC 2007


Hi Eric,

On 28-Aug-07, at 5:24 PM, Eric Norman wrote:
> On Aug 28, 2007, at 1:08 PM, Johnny Bufu wrote:
>
>> That's the general OpenID approach. The flow we're proposing is
>> "OpenID wrapped into Infocard".
>
> Could someone provide a list of the additional benefits that would
> accrue to the various parties with such an approach?  That is, for
> instance, how does this approach improve the situation for relying
> parties over what they already have with just Information Cards?


I don't think the above is phrased entirely correct. There aren't  
"just Information Cards". The ones I believe you are referring to are  
Information Cards carrying SAML tokens. The ones we're proposing are  
Information Cards carrying OpenID tokens.

Since the SAML tokens were the first, I can see how they may seem to  
be the only choice.


Why an RP would choose to implement Infocards + OpenID tokens over  
Infocards + SAML tokens is a question that falls within the general  
"OpenID vs SAML" dispute.

The OpenID Information Cards specification targets existing OpenID  
RPs (which require minimal changes), and offers them a new means of  
requesting / transporting the OpenID claims / assertions, which has a  
few advantages over the regular OpenID flow.


Johnny




More information about the general mailing list