[OpenID] Recycling OpenIDs (Was: What's broken in OpenID 2.0? (IIW session))
Josh Hoyt
josh at janrain.com
Fri May 18 19:27:49 UTC 2007
On 5/18/07, Peter Watkins <peterw at tux.org> wrote:
> But having a single "global" identifier per user introduces privacy and
> RP data-mining/collusion issues. I believe the SAML model (and the CardSpace
> model) is that the Identity Provider (IdP/OP) can use an identifier that
> is unique, and different for each RP. Drummond Reed suggested that 2.0
> allows this (http://openid.net/pipermail/general/2006-November/000579.html)
> but I didn't see it in Draft 10 (not *reliably* -- it seemed that "directed
> identity" was only available if the RP sent an *optional* request param),
> and I'm just now sitting down, again, to plow through Draft 11.
The part of OpenID 2.0 that allows directed identity is that the OP
can send back any identifier that it wants, regardless of what
identifier was requested. If the user enters the URL to an OP instead
of an identifier, the relying party only knows that the user is a user
of that OP and nothing else.
I hope that helps.
Josh
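As an added example (not part of the original thread or of any OpenID library), a toy OP in Python that behaves the way Josh describes: when the RP leaves identifier selection to the OP, it asserts a realm-bound pseudonym, so two RPs cannot match up the same account by comparing identifiers. The identifier_select URL is the OpenID 2.0 constant; the HMAC-based pseudonym derivation, the class and function names, and the sample realms are assumptions of this example.

```python
import hmac
import hashlib

# OpenID 2.0 constant an RP sends as claimed_id when it lets the OP choose.
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"


class DirectedIdentityOP:
    """Constructed toy OP that gives each RP realm a different, unlinkable
    identifier for the same local account."""

    def __init__(self, endpoint, secret):
        self.endpoint = endpoint.rstrip("/")
        self.secret = secret  # assumed long-lived OP-side key, never shared
        self.pairwise = {}    # pairwise identifier -> (local_user, realm)

    def _pairwise_id(self, local_user, realm):
        # Pseudonym = HMAC(secret, user || realm). Binding the realm means
        # two RPs receive different strings for one account, and without
        # the key neither RP can recompute or reverse the mapping.
        mac = hmac.new(self.secret, f"{local_user}\0{realm}".encode(),
                       hashlib.sha256).hexdigest()[:32]
        return f"{self.endpoint}/id/{mac}"

    def checkid(self, local_user, realm, requested_claimed_id):
        """Return the claimed_id the OP asserts for this request.

        The OP may return any identifier it wants; the policy assumed here
        is to honour a specific request and otherwise issue a pseudonym."""
        if requested_claimed_id != IDENTIFIER_SELECT:
            return requested_claimed_id
        pid = self._pairwise_id(local_user, realm)
        self.pairwise[pid] = (local_user, realm)
        return pid

    def resolve(self, claimed_id, realm):
        """OP-side lookup: only the OP can map a pseudonym back to an
        account, and only for the realm it was issued to."""
        owner = self.pairwise.get(claimed_id)
        if owner is None or owner[1] != realm:
            return None
        return owner[0]


def collusion_links(op, local_user, realm_a, realm_b):
    """Simulate two RPs comparing the identifiers they were given."""
    a = op.checkid(local_user, realm_a, IDENTIFIER_SELECT)
    b = op.checkid(local_user, realm_b, IDENTIFIER_SELECT)
    return a == b
```

The unlinkability covers only the identifier itself; any other attribute the OP releases to both RPs (an e-mail address, say) re-links the accounts.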