[OpenID] Where's the added value?
Johnny Bufu
johnny at sxip.com
Wed Aug 29 19:11:23 UTC 2007
On 29-Aug-07, at 11:53 AM, Eric Norman wrote:
>> The OpenID Information Cards specification targets existing OpenID
>> RPs (which require minimal changes), and offers them a new means of
>> requesting / transporting the OpenID claims / assertions, which has
>> a few advantages over the regular OpenID flow.
>
> Well, that's the question. What are those advantages to the
> relying party, or to the user, or to any other stakeholder.
For the RP: if it requires logins with an OpenID Infocard, it will
know that the user - OP/STS authentication is phishing resistant.
For the (identity selector) users: consistent user experience between
Infocard + SAML token RPs and (Infocard+)OpenID token RPs.
> The RP already has to install, configure, and maintain code
> that can deal with Information Cards carrying SAML tokens
> (to use your terminology).
Why is that? SAML tokens are not required by the Infocard specs.
Our demonstration RP that lives at https://openidcards.sxip.com/
demorp/ has no SAML code in it (sources available on the main page,
if anyone wants to check).
> The question is what additional
> benefits will a relying party enjoy that they wouldn't have with
> the code they installed to deal with Information Cards carrying
> SAML tokens.
This question is based on the false assumption above, so I can't
really answer. :)
Without the assumption, it is again the same general OpenID vs SAML
question.
> Is there a list of such advantages somewhere that potential
> relying parties could see to solicit their opinion?
I think we outlined them in the spec and the announcement message.
Mike Jones also wrote a good review on it here: http://self-
issued.info/?p=27
Johnny
More information about the general
mailing list