[OpenID] Building on the OpenID PAPE specification
Dick Hardt
dick.hardt at gmail.com
Wed Oct 8 18:17:07 UTC 2008
On 8-Oct-08, at 10:46 AM, Peter Williams wrote:
> I don't see why per-OP blobs - one for each OP's auth mechanism in
> the very extreme - have any impact on the "openidness" of the OP->RP
> relationship.
>
> Folks already agreed to the principle that OPs may have per-OP
> attribute schemas, used in AX protocol, that only mean something to
> certain affiliations of RPs. Is AX therefore un-OpenID in culture?
> (Of course not.)
Sure, I'll bite.
PAPE allows any namespace representing a authentication policy to be
requested. AX allows an RP to request any namespace representing an
attribute.
Having ones that are OP specific can be done. They are just not very
open or reusable.
The whole idea of OpenID is to enable the reuse of identity data. This
is why doing one off specs specific to an OP / RP does not fit. Can
you do it? Sure. Creating a spec that requires it (rather then allows
it) is not likely to be useful IMHO.
-- Dick
More information about the general
mailing list