Making identities persistent?
Pete Rowley
prowley at redhat.com
Wed Nov 1 18:53:12 UTC 2006
Rowan Kerr wrote:
> On Wed, 2006-11-01 at 11:33 -0500, John Kemp wrote:
>
>> I think you need the ability for a user to change his identifier at the
>> RP (as George notes below) and also at the IdP.
>>
>
> Isn't this already covered in the spec? You accomplish this by
> creating an HTML page on some website you control with an http-equiv meta
> tag in it that points to your IdP. Then you use your own url as your
> Identity, even though ultimately the data is pulled from the IdP.
>
> So if you ever want to change IdPs you simply update your html page
> with the new server. And your Identifier never needs to change.
>
>
>
Except that the spec specifies that it is the derived identifier of the
IdP that is used at the RP - which means a delegated identifier actually
isn't used as an identifier. That is not quite the same thing.
--
Pete
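
The difference between the two readings in this message, as an added example that is not part of the original post or of any specification text: an RP that keys the account on the URL the user typed keeps finding it after an IdP change, while one that keys on an IdP-side value does not. Assumptions: the meta tag is named X-XRDS-Location (the Yadis convention; the thread only says "http-equiv meta tag"), all URLs are constructed, and the pointer value stands in for the IdP-derived identifier.

```python
from html.parser import HTMLParser

class MetaPointerFinder(HTMLParser):
    """Finds the first <meta http-equiv="X-XRDS-Location" content="..."> tag."""

    def __init__(self):
        super().__init__()
        self.pointer = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").strip() for k, v in attrs}
        if (tag == "meta" and self.pointer is None
                and a.get("http-equiv", "").lower() == "x-xrds-location"):
            self.pointer = a.get("content") or None

def idp_pointer(html):
    """Return the IdP pointer published in the user's own page, or None."""
    finder = MetaPointerFinder()
    finder.feed(html)
    return finder.pointer

def rp_account_key(user_url, html, policy):
    """Choose the value an RP would store as the account key.

    policy "user_url":    key on the URL the user typed (the quoted reply).
    policy "idp_derived": key on the IdP-side value (the objection to it);
                          the pointer stands in for it here (assumption).
    """
    pointer = idp_pointer(html)
    if pointer is None:
        raise ValueError("page does not delegate to an IdP")
    if policy == "user_url":
        return user_url
    if policy == "idp_derived":
        return pointer
    raise ValueError("unknown policy: " + policy)

# Constructed sample data: the same user page before and after switching IdP.
USER_URL = "https://user.example/"
PAGE_OLD = '<html><head><meta http-equiv="X-XRDS-Location" content="https://idp-old.example/user/xrds"></head></html>'
PAGE_NEW = PAGE_OLD.replace("idp-old", "idp-new")

def key_survives_idp_change(policy):
    """True if the RP finds the same account after the user changes IdP."""
    return (rp_account_key(USER_URL, PAGE_OLD, policy)
            == rp_account_key(USER_URL, PAGE_NEW, policy))

if __name__ == "__main__":
    for policy in ("user_url", "idp_derived"):
        print(policy, "survives IdP change:", key_survives_idp_change(policy))
```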