I don't see a contradiction with having a few OpenIDs for low-value SSO and a number of institutionally provided OpenIDs for higher value authentication.<br><br><br><div><span class="gmail_quote">On 7/12/07, <b class="gmail_sendername">
John Wang</b> <<a href="mailto:jwanggroups@gmail.com">jwanggroups@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<span class="q">On 7/12/07, <b class="gmail_sendername">Simon Willison</b> <<a href="mailto:simon@simonwillison.net" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">simon@simonwillison.net</a>> wrote:
</span><div><span class="q"><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 7/12/07, Peter Williams <<a href="mailto:pwilliams@rapattoni.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">pwilliams@rapattoni.com</a>> wrote:<br>> I keep reading over and over again that only end-users (
i.e. the<br>> students) select their OP; and can migrate it to various providers, at
<br>> their whim. Or, register it with several providers -- in OpenID2.<br>><br>> Isn't the concept of OpenID (user-centric id) contradictory with the<br>> notion that one has an "institutionally-provided OpenID"?
<br><br>I don't think so at all, for a bunch of reasons</blockquote></span><div><br>I can see many larger RPs issuing their own institutional-provided OpenIDs, especially when they have some in-person verification in place already.
<br><br>I don't see a contradiction with having a few <br></div></div></blockquote></div><br><br clear="all"><br>-- <br>John Wang<br><a href="http://www.dev411.com/blog/">http://www.dev411.com/blog/</a>