[OpenID] New OpenID Customer Research Activity - Google research on federated login

[Peter Williams]

One compromise I have discussed with some RPs is to establish a legal agreement between the RP and the IDP where the RP commits to erasing the old global E-mail address of the user if the IDP sends both the old E-mail address and a new RP-specific E-mail address.


Isn't this all very "unUCI". Im supposed in OpenID culture to be picking my own OP (or "be" my own OP).

If I reject that, Id have to look at OpenID through the prism of the design's/designers' experience in trust modeling and managing open trading partner agreements (harkening back 30 years to EDI through PKI).

I'm getting the feeling, at this juncture, that having an OpenID shim on top of a robust SAML (and assured hardware crypto) - with all that mature use case based modeling of the whole spectrum of issues- was a good move on my part.  I do feel that XRI could play a much greater role on a "business-class" openid that it does today without losing the UCIness of OpenID; but I also believe hardly anyone agrees with me.