[OpenID] For the nominees
Peter Williams
pwilliams at rapattoni.com
Thu Dec 4 23:41:44 UTC 2008
A mainstream website might trust any IDP who is hosted by a known SaaS vendor. However, for the longer-tail we may see a need for companies who build a business out of validating the UI/reliability of IDPs and selling those lists to other websites.
This seems very SAML-notion centric, based on architectural forms ~5 years old.
Isn't the ___user___ supposed to be in charge, in OpenID?
Isn't that the CRUX of what openid is all about and what makes it different to SAML (other than needing SSL/PKI and using name/value pairs and XRDS markup ...instead of the SAML markup and xmldsig?)
OpenID is not an idp-centric federation concept. OpenID is not an sp-centric federation concept. It CLAIMS/CLAIMED to be a user-centric (federation) concept - a model seeking to differentiate itself from the well-known hangups of the previous 2 concepts.
I have to admit, from the trends I see, and in the hands of the "big players": OpenID is turning into a simple lightweight version of SAML2, featuring the idp-centric model. If one uses the unsolicited assertion model, it does do a damn good impression of SAML1, too.
I have to admit I don't think we, in reality, could really care less. But, what was always interesting/revolutionary about openid was the model, not the swap of bits. If OpenID is just a lightweight SAML, all I need to do is stick a protocol gateway on the front of the SAML endpoints we already have, and be done with it.