<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">You know of course, Pat, that virtually all members of this list would disagree with you on your assessment of "poor choice". Flame bait! ;-)<DIV><BR class="khtml-block-placeholder"></DIV><DIV>I'd think it would be an excellent choice. As Pat points out, not the only choice, but certainly a viable one.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Traditionally this list hasn't been used to discuss particular product choices, however.<DIV><BR><DIV><DIV>On Sep 7, 2007, at 9:57, Pat Patterson wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"> Hi Fox,<BR> <BR> I would say that OpenID is probably a poor choice for a deployment like this. OpenID explicitly avoids the issue of trust - the ability to ensure that only users that you trust have access to your systems is something that you would have to figure out yourself, although I understand that some or all of the OpenID solutions out there have some measure of 'whitelist' support to control the OPs from which the RPs would accept authenticated users.<BR> <BR> I would advise you to look at SAML 2.0 for this purpose. SAML 2.0 is widely supported, both in open source and commercial products. It was explicitly designed for the use case you describe. Since we are wandering off-topic for the OpenID list, I'll respond to you personally with links and more information.<BR> <BR> Cheers,<BR> <BR> Pat<BR> <BR> Francis wrote: <BLOCKQUOTE cite="mid:710890.29770.qm@web53804.mail.re2.yahoo.com" type="cite"> <DIV style="font-family: times new roman,new york,times,serif; font-size: 12pt;"> <DIV>Hello,</DIV> <DIV> </DIV> <DIV>My company has many partners/customers and we want to build a single logon system for them for some kind distributed web apps (under different domains).</DIV> <DIV> </DIV> <DIV>We don't want to re-invent the wheel and we want high quality implmentation (i.e. distributed, high performance, security).</DIV> <DIV> </DIV> <DIV>So I have found OpenID seems to be a good reference for my purpose.</DIV> <DIV> </DIV> <DIV>What is your comments about my purpose? Should I use other products/tools for my purpose instead of OpenId?</DIV> <DIV> </DIV> <DIV>Any comments are welcome.</DIV> <DIV> </DIV> <DIV>Thanks.</DIV> <DIV> </DIV> <DIV>Fox</DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> </DIV> <BR> <HR size="1">使用Y!Mail,給你重重驚喜,更有機會贏 <B>MacBook</B>! <B>立即參加</B> <PRE wrap=""><HR size="4" width="90%">_______________________________________________
general mailing list
<A class="moz-txt-link-abbreviated" href="mailto:general@openid.net">general@openid.net</A>
<A class="moz-txt-link-freetext" href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</A>
</PRE></BLOCKQUOTE> <BR> <PRE class="moz-signature" cols="72">--
Pat Patterson - <A class="moz-txt-link-abbreviated" href="mailto:pat.patterson@sun.com">pat.patterson@sun.com</A>
Federation Architect,
Sun Microsystems, Inc.
<A class="moz-txt-link-freetext" href="http://blogs.sun.com/superpat">http://blogs.sun.com/superpat</A>
</PRE><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">general mailing list</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:general@openid.net">general@openid.net</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://openid.net/mailman/listinfo/general">http://openid.net/mailman/listinfo/general</A></DIV> </BLOCKQUOTE></DIV><BR></DIV></DIV><BR><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Johannes Ernst</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">NetMesh Inc.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN><IMG src="cid:9173E289-5D6D-4850-B823-FDF7D115EF12@local"></SPAN><SPAN><IMG src="cid:5CC41088-A082-4AA9-8169-EFD940AF9ADA@aviatis.com"></SPAN><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "> <A href="http://netmesh.info/jernst">http://netmesh.info/jernst</A><BR class="Apple-interchange-newline"></SPAN></SPAN> </SPAN></DIV><BR></BODY></HTML>