[OpenID] Can one use Generic OpenIds
Johnny Bufu
johnny at sxip.com
Tue May 22 21:46:42 UTC 2007
On 22-May-07, at 1:29 PM, Lukas Rosenstock wrote:
> Done: http://blog.identity20.eu/23.e
> GROUP (3) - a group of people, e.g. a project team (shared within
> about 2 to 20 people)

Unless you're envisioning a bunch of people gathered in front of
a computer and agreeing to hit the 'enter' key, this is still more
like "a person acting on behalf / as part of a group", which is
therefore still an individual, and his function in the transaction I
believe is better expressed through an attribute. So I second Josh's
earlier comments / the AX way for solving it.

One of the motivations for group identifiers is not disclosing a
public / global identifier of the user. This is exactly what directed
identity is for in OpenID 2 (and the same feature is built-in for
CardSpace). You can even see it in action today, if you use Sxipper
to log in to an OpenID RP using the 'private' persona, which
generates an OpenID URL like
https://openid.sxipper.com/i/238de53a4bdf412b
which is shared with only one RP.

So, instead of addressing the issue in a not-so-good way, by building
trust and attributes directly into identifiers (where there is no
clear way how they could be processed automatically and then scale
the whole thing), I would suggest focusing on solving the roadblocks
on the alternate route - the attribute exchange.

Johnny
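
A sketch of how an OP could derive directed (per-RP) identifiers of the kind described in the message above; this is an added example, not code from the post or from Sxipper. It assumes an HMAC-SHA256 derivation over the account and the RP realm, and `op.example`, `OP_SECRET`, `normalize_realm` and `directed_identifier` are hypothetical names.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions (not from the original post): the OP holds a secret key, knows a
# stable internal account id, and serves directed identifiers under OP_BASE.
OP_BASE = "https://op.example/i/"        # hypothetical OP, constructed
OP_SECRET = b"constructed-demo-secret"   # constructed; keep a real key in a KMS/HSM


def normalize_realm(realm: str) -> str:
    """Reduce an RP realm/return_to URL to scheme://host[:port], so one RP
    always maps to the same identifier regardless of path or letter case."""
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unusable RP realm: {realm!r}")
    default = {"http": 80, "https": 443}[parts.scheme]
    port = "" if parts.port in (None, default) else f":{parts.port}"
    return f"{parts.scheme}://{parts.hostname}{port}"


def directed_identifier(account_id: str, realm: str, nbytes: int = 8) -> str:
    """Derive the per-RP claimed identifier for one account.

    The HMAC keeps the mapping stable for (account, RP) while identifiers
    issued to different RPs cannot be linked without OP_SECRET. The NUL
    separator stops (account, realm) pairs from colliding by concatenation.
    nbytes=8 mirrors the 16-hex-digit shape of the URL quoted in the post;
    a production OP should use 16 or more bytes, or check uniqueness per RP.
    """
    msg = account_id.encode() + b"\x00" + normalize_realm(realm).encode()
    tag = hmac.new(OP_SECRET, msg, hashlib.sha256).digest()
    return OP_BASE + tag[:nbytes].hex()


if __name__ == "__main__":
    for rp in ("https://rp-one.example/login", "https://rp-two.example/"):
        print(rp, "->", directed_identifier("acct-1001", rp))
```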