[OpenID] differentiating users
Nate Klingenstein
ndk at internet2.edu
Thu May 22 08:22:52 UTC 2008
Steven,
> Be interesting if anyone is looking into an online library to find
> this kind of stuff for OpenID? We don’t need 50 versions of “Role”
> or “FavouriteBook”. If no one has such a library yet I may do
> something on it.
There were various half-hearted attempts at creating such a library
for LDAP -- we called it a "schema registry" -- but it was never very
successful. I think it'd be good to get a base list for the most
common attributes, though. It might be useful for you to check out
the way TERENA did some reconciliation for European Universities.
http://www.terena.org/activities/tf-emc2/schac.html
SREG does this, but maybe not completely, and it's a separate spec as
well. I think it should be revisited at some point.
> They were interested in how you could manage roles in that scenario
> too – after I explained to them the more user-centric nature of
> openid, w.r.t. Athens.
I'm of the opinion that universities will not manage many identifiers
in the future once commercial/governmental services *that do good
identity proofing* arise. I'm also of the opinion that universities
will always manage attributes about their users for which they must
remain authoritative and in control of the data: class enrollment,
degrees, licensed under contract XYZ for content provider ABC, etc.
To reach these two goals, we need protocol fluency in our systems,
and to solve attribute aggregation issues soon so we can express the
union of "ndk at outsourcedID.org" + "is licensed through Double U. to
download all your movies for free." That's a very real use case too,
and a secret reason for my starting the other thread.
Thanks,
Nate.