[OpenID] OpenID appropriate here?
Nate Klingenstein
ndk at internet2.edu
Fri May 30 22:34:09 UTC 2008
Isak,
So as not to leave you with two seemingly conflicting answers to
weigh, let me try to give you some more information.
The major difference in our answers probably springs from the
different environments we work in. I spend most of my time in an
enterprise context where we're really dependent on the IdP/OP doing a
good job maintaining identity data. A lot of that identity data is
inextricably tied to business practices, which makes it difficult and
costly to outsource to a third party. It's incumbent on the relying
party to trust that data to make federated identity work.
I totally agree with Eddy that if your constraints are such that you
can trust a third party, but not the #1-like providers, then
outsourcing your identity management to a trusted OP would be a fine
fit. Even if you need to set up a provider yourself, it's not such a
bad idea to use a federated protocol in anticipation of potentially
trusting the #1-like providers someday.
Hope this helps,
Nate.
On 30 May 2008, at 16:40, Eddy Nigg (StartCom Ltd.) wrote:
> I think so. You need to find an OpenID provider you trust which can
> perform the authentication for either site. Alternatively you can
> setup your own provider (provided #2 will trust it).
More information about the general
mailing list