No subject


Fri Feb 8 18:42:25 UTC 2008


From Dec 05: http://codebrane.com/blog/?p=164.

I'm going to be focusing a fair amount of my energy seeing how SAML2/Shib fitted with the Grid world, to see which elements can be re-purposed. Perhaps the place for me to start to focus is the control models: how delegation works in theory and then in practice...for AX-like flows amongst RPs and then other flows between RPs and specialized authorities such as "repositories". With a focus on delegation, I'll probably start to understand where Microsoft is going, when leveraging TPMs in "claims handling" systems.

_________________________
Peter Williams


From: Nate Klingenstein
Sent: Tue 5/27/2008 1:12 AM
To: Peter Williams
Cc: general at openid.net
Subject: Re: [OpenID] Attribute Exchange without simultaneous authentication

I agree with Peter.  Tacking things onto particular specs should be avoided to limit proliferation of fields and terms for conceptually similar things.  It seems to me that the idea of openid.identity, as the OP-local identifier, would still be applicable in this sense.

Is there a reason not to generalize this?
Nate.

On 26 May 2008, at 19:31, Peter Williams wrote:

> I think it's more important to fix the critical issue: follow through the intent and ensure the docs allow any (perhaps vendor-defined) extension (not only AX) to leverage a pre-existing OpenID Association without seeking an authentication Statement (or imply the processing of authentication requests signals, by an OP).

