<HTML dir=ltr><HEAD></HEAD>
<BODY style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV id=idOWAReplyText68748 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>From Dec 05: <A href="http://codebrane.com/blog/?p=164" target=_blank>http://codebrane.com/blog/?p=164</A>.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV><FONT face=Arial size=2>
<DIV dir=ltr><BR>I'm going to be focusing a fair amount of my energy seeing how SAML2/Shib fitted with the Grid world, to see which elements can be re-purposed. Perhaps the place for me to start to focus is the control models: how delegation works in theory and then in practice...for AX-like flows amongst RPs and then other flows between RPs and specialized authorities such as "repositories". With a focus on delegation, I'll probably start to understand where Microsoft is going, when leveraging TPMs in "claims handling" systems.</DIV>
<DIV dir=ltr></FONT><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV id=idSignature13509>
<DIV><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt">_________________________<BR></SPAN><B>Peter Williams<BR></B></FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Nate Klingenstein<BR><B>Sent:</B> Tue 5/27/2008 1:12 AM<BR><B>To:</B> Peter Williams<BR><B>Cc:</B> general@openid.net<BR><B>Subject:</B> Re: [OpenID] Attribute Exchange without simultaneous authentication<BR></FONT><BR></DIV>
<DIV>
<DIV style="MARGIN: 0px">I agree with Peter. Tacking things onto particular specs should be avoided to limit proliferation of fields and terms for conceptually similar things. It seems to me that the idea of openid.identity, as the OP-local identifier, would still be applicable in this sense.</DIV>
<DIV style="MIN-HEIGHT: 14px; MARGIN: 0px; FONT: 12px Helvetica"><BR></DIV>
<DIV style="MARGIN: 0px"><FONT style="FONT: 12px Helvetica" face=Helvetica size=3>Is there a reason not to generalize this?</FONT></DIV>
<DIV style="MARGIN: 0px"><FONT style="FONT: 12px Helvetica" face=Helvetica size=3>Nate.</FONT></DIV>
<DIV style="MARGIN: 0px"><BR></DIV>
<DIV>On 26 May 2008, at 19:31, Peter Williams wrote:<BR class=Apple-interchange-newline>
<BLOCKQUOTE type="cite"><SPAN class=Apple-style-span style="WORD-SPACING: 0px; FONT: 10px Arial; TEXT-TRANSFORM: none; COLOR: rgb(0,0,0); TEXT-INDENT: 0px; WHITE-SPACE: normal; LETTER-SPACING: normal; BORDER-COLLAPSE: separate; orphans: 2; widows: 2; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0">I think it's more important to fix the critical issue: follow through the intent and ensure the docs allow any (perhaps vendor-defined) extension (not only AX) to leverage a pre-existing OpenID Association without seeking an authentication Statement (or imply the processing of authentication requests signals, by an OP).</SPAN></BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>