[OpenID] DotNetOpenAuth announces support of the Government profile of OpenID
Andrew Arnott
andrewarnott at gmail.com
Wed Sep 9 13:48:49 UTC 2009
No, the profile does not allow delegation. But not for the reason one might
expect.
In the profile, RPs are *not allowed* to display a text field for user
entry. The profile is quite paranoid about not exposing any PII, and if the
user were allowed to enter anything, that might give away something about
the personal identity of the user. So instead, RPs must use the nascar OP
button display, which means all authentications begin with an OP identifier
(thus no delegation).
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Wed, Sep 9, 2009 at 6:45 AM, Peter Williams <pwilliams at rapattoni.com>wrote:
> Does it work with delegation?
>
>
>
> That is, will the US govt RPs will pick one of the OPs from my list (which
> I may change)?
>
>
>
>
>
> *From:* openid-general-bounces at lists.openid.net [mailto:
> openid-general-bounces at lists.openid.net] *On Behalf Of *Andrew Arnott
> *Sent:* Wednesday, September 09, 2009 6:36 AM
> *To:* general
> *Subject:* [OpenID] DotNetOpenAuth announces support of the Government
> profile of OpenID
>
>
>
> The government has just announced<http://www.idmanagement.gov/drilldown.cfm?action=openID_openGOV>that they are piloting accepting OpenID on several of their web sites, and
> the major OpenID Providers (Google, Yahoo, AOL, PayPal, Verisign) will be supporting
> Providers<http://openid.net/u-s-government-openid-pilot-program-participants/>of this new Government profile for OpenID.
>
>
>
> What is this "government profile<http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf>"?
> Basically it's a set of rules that an OP and RP must follow. These rules
> are more restrictive than, but nonetheless compliant with, the OpenID 2.0
> spec. For example, HTTPS must be used throughout the process, and shared
> associations must only last up to a given maximum length of time.
>
>
>
> I'm very pleased to announce that *DotNetOpenAuth<http://dotnetopenauth.net/> has
> support for this government profile*, and in fact is the underlying
> library used by the NIH for its OpenID RP support. Watch for a new release
> of DNOA (3.2.1) in the next day or two that actually includes the government
> profile in it.
>
>
>
> More in the news<http://www.techcrunch.com/2009/09/09/us-government-to-embrace-openid-courtesy-of-google-yahoo-paypal-et-al/>
>
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090909/137ca96d/attachment.htm>
More information about the general
mailing list