[OpenID] Can one use Generic OpenIds
Boris Erdmann
boris.erdmann at googlemail.com
Thu May 24 13:51:48 UTC 2007
Well,
the flow goes like this:
user enters "personal id" at RP
|
V
gets directed to OP
|
V
user authenticates and selects "group id" to be returned
|
V
gets directed to RP
|
V
RP now knows both ids.
Is it up to the protocol spec to define how an RP has to handle
that data? In fact it's the RP that finally defines the semantics,
meaning or role of the group id. OTHO it's the OP that makes
a group id shared between several personal ids. So there must be
consensus between those parties anyway.
Boris
On 5/22/07, Terry Hayes <Terry.Hayes at corp.aol.com> wrote:
> I think a major problem with this approach (generic/collective ids) is that
> it provides no way for the RP to identity the particular entity that was
> using the ID. While it may not be important during the initial transaction,
> providing a method to attribute actions to a particular source may be
> important in some contexts.
More information about the general
mailing list