[OpenID] Community Reputation Services
Nate Klingenstein
ndk at internet2.edu
Fri May 23 06:16:07 UTC 2008
Dick,
>> Anyway, I don't see anything wrong with obtaining an OpenID
>> identifier in our use cases. It just isn't itself meaningful for
>> these apps without the OP being trusted, and often trusted in a
>> specific way. The same is true of any attributes sent too. It's
>> all down to the RP to decide if it cares or not; I don't see an
>> identifier itself as materially different from any other
>> information about the user on this basis, and I think it could be
>> used as a user's primary key just fine for apps that need that.
>
> I would argue that you are trying to use an OpenID identifier in a
> use case that it was not designed to be used.
I'm a confused why you would see a strong semantic distinction
between the identifier presented by an OP and a set of attributes
presented by the same OP in the same transaction. In fact, short of
stating that an OpenID identifier is not trustworthy by definition,
I'm not sure how it's even possible. If it's dirty, how can the
resulting attributes be clean? What would you use as an identifier
in the application instead?
Still not feeling it...
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080523/302b3711/attachment-0002.htm>
More information about the general
mailing list