<HTML><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText76289 dir=ltr>
<DIV dir=ltr><FONT face=Terminal color=#000000 size=2>Let's not forget the fundamental model - at least I assume it's a fundamentum.</FONT></DIV>
<DIV dir=ltr><FONT face=Terminal size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>Backend RP asks for attributes in its local vocab/typesystem. RP Agent/STS translates these requests into common schema, probably. OP Agent uses back end attribute stores, translating common "wire" schema into lookup values (against ldap, foaf, xfn, and a thousand other ways folks have of calling a first name a first name...)</FONT></DIV>
<DIV dir=ltr><FONT face=Terminal size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>If the RP has reason to believe that the OP can work with the RP private vocabulary, then it cites the RP-private AX namespace rather than common schema. Licensing issues and localized business processes may demand this, furthermore.</FONT></DIV>
<DIV dir=ltr><FONT face=Terminal size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>Now, I have not read any of this so explicitly stated anywhere in the specs, but the architecture seems to imply it. And, it's what my SAML server does, when doing the same work as an OP does. So, it's hardly new ground.</FONT></DIV>
<DIV dir=ltr><FONT face=Terminal size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>This issue has become very much more pertinent for us, as finally my prototype openid OP (bridging to a SAML server) has got re-implemented professionally (so folks don't have to worry about why the mono vm suddenly deletes the JanRain boo.language dll - as in my own prototype .NET code). Now, there are two sets of attribute renaming (type recasting) bridges to go through.</FONT></DIV><FONT face=Terminal size=2></FONT></DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>Let's not forget, this architecture of constant renaming/typing of common objects to meet a zillion legacy naming worlds is only what Microsoft laid down in its STS framework. Don't like the schema the OP uses - have the IDPs or SP STS translate it for you - a series of semi-intelligent transformative agents. In our case, have a local OP (bridging to the third party OP which fronts a SAML attribute authority) act in the role of the STS...</FONT></DIV>
<DIV dir=ltr><FONT face=Terminal size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Terminal size=2>Ping Identity recently hosted a seminar in which Radiant Logic's virtual directory could superimpose the LDAP attribute model into disparate naming worlds and object schemas, in many a different backend data store (SQL, RDF, military X.500, ...). It was expensive tho. So, I worked a bit - and found it quite to do the same with an RDF server, where my Ping Identity SAML server uses the RDF server over jdbc to map naming systems, to one's heart's content, using inference rules. As our OP will front all this, our OP will indirectly get all the same capabilities, for free!</FONT></DIV>
<DIV dir=ltr><BR></DIV>
<DIV dir=ltr>
<HR tabIndex=-1>
</DIV>
<DIV dir=ltr><FONT face=Tahoma size=2><B>From:</B> Kevin Turner<BR><B>Sent:</B> Fri 2/22/2008 4:27 PM<BR><B>To:</B> OpenID List<BR><B>Subject:</B> Re: [OpenID] OpenID Providers which support OpenID Attribute Exchange and http://www.axschema.org<BR></FONT><BR></DIV>
<DIV><PRE style="WORD-WRAP: break-word">On Fri, 2008-02-22 at 14:39 -0800, Dick Hardt wrote:
> Why are you guys allowed to use the openid.net domain? David made
> Sxip use a different domain name for use with AX -- axschema.net
"I used them because that's what sxip's RP seemed to want -- and that's
the one I was testing against."
So says the developer who implemented that bit of code. It's probably
true, as David suggested, that we implemented a draft that has since
been obsoleted.
</PRE></DIV></BODY></HTML>