[OpenID] Where's the added value?

Eric Norman ejnorman at doit.wisc.edu
Wed Aug 29 18:53:47 UTC 2007


On Aug 29, 2007, at 1:04 PM, Johnny Bufu wrote:

> Hi Eric,
>
> On 28-Aug-07, at 5:24 PM, Eric Norman wrote:
>> On Aug 28, 2007, at 1:08 PM, Johnny Bufu wrote:
>>
>>> That's the general OpenID approach. The flow we're proposing is
>>> "OpenID wrapped into Infocard".
>>
>> Could someone provide a list of the additional benefits that would
>> accrue to the various parties with such an approach?  That is, for
>> instance, how does this approach improve the situation for relying
>> parties over what they already have with just Information Cards?
>
> I don't think the above is phrased entirely correct. There aren't  
> "just Information Cards". The ones I believe you are referring to  
> are Information Cards carrying SAML tokens. The ones we're  
> proposing are Information Cards carrying OpenID tokens.

OK; I'll try to be more verbose.

> Since the SAML tokens were the first, I can see how they may seem  
> to be the only choice.

OK.

> Why an RP would choose to implement Infocards + OpenID tokens over  
> Infocards + SAML tokens is a question that falls within the general  
> "OpenID vs SAML" dispute.

OK.

> The OpenID Information Cards specification targets existing OpenID  
> RPs (which require minimal changes), and offers them a new means of  
> requesting / transporting the OpenID claims / assertions, which has  
> a few advantages over the regular OpenID flow.

Well, that's the question.  What are those advantages to the
relying party, or to the user, or to any other stakeholder.

The RP already has to install, configure, and maintain code
that can deal with Information Cards carrying SAML tokens
(to use your terminology).  The question is what additional
benefits will a relying party enjoy that they wouldn't have with
the code they installed to deal with Information Cards carrying
SAML tokens.

Is there a list of such advantages somewhere that potential
relying parties could see to solicit their opinion?

Eric Norman
http://ejnorman.blogspot.com





More information about the general mailing list