[OpenID] Attribute Exchange without simultaneous authentication

Peter Williams pwilliams at rapattoni.com
Wed May 28 09:03:06 UTC 2008


From Dec 05: http://codebrane.com/blog/?p=164.


I'm going to be focusing a fair amount of my energy seeing how SAML2/Shib fitted with the Grid world, to see which elements can be re-purposed. Perhaps the place for me to start to focus is the control models: how delegation works in theory and then in practice...for AX-like flows amongst RPs and then other flows between RPs and specialized authorities such as "repositories". With a focus on delegation, I'll probably start to understand where Microsoft is going, when leveraging TPMs in "claims handling" systems.

_________________________
Peter Williams




From: Nate Klingenstein
Sent: Tue 5/27/2008 1:12 AM
To: Peter Williams
Cc: general at openid.net
Subject: Re: [OpenID] Attribute Exchange without simultaneous authentication


I agree with Peter.  Tacking things onto particular specs should be avoided to limit proliferation of fields and terms for conceptually similar things.  It seems to me that the idea of openid.identity, as the OP-local identifier, would still be applicable in this sense.


Is there a reason not to generalize this?
Nate.


On 26 May 2008, at 19:31, Peter Williams wrote:

I think it's more important to fix the critical issue: follow through the intent and ensure the docs allow any (perhaps vendor-defined) extension (not only AX) to leverage a pre-existing OpenID Association without seeking an authentication Statement (or imply the processing of authentication requests signals, by an OP).