Making identities persistent?
Recordon, David
drecordon at verisign.com
Wed Nov 1 22:52:11 UTC 2006
Pete,
While the transaction with the IdP is about the derived identifier (sort
of like that term actually), the RP uses the delegated identifier when
referencing the user.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Pete Rowley
Sent: Wednesday, November 01, 2006 10:53 AM
To: Rowan Kerr
Cc: specs at openid.net
Subject: Re: Making identities persistent?
Rowan Kerr wrote:
> On Wed, 2006-11-01 at 11:33 -0500, John Kemp wrote:
>
>> I think you need the ability for a user to change his identifier at
>> the RP (as George notes below) and also at the IdP.
>>
>
> Isn't this already covered in the spec? You accomplish this by
> creating an HTML page on some website you control with a http-equiv
> meta tag in it that points to your IdP. Then you use your own url as
> your Identity, even though ultimately the data is pulled from the IdP.
>
> So if you ever want to change IdPs you simply update your html page
> with the new server. And your Identifier never needs to change.
>
>
>
Except that the spec specifies that it is the derived identifier of the
IdP that is used at the RP - which means a delegated identifier actually
isn't used as an identifier. That is not quite the same thing.
--
Pete
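
The split David describes, sketched as an added example (not code from the thread or from the OpenID spec): the RP keys the account on the user's own URL and sends only the IdP-side identifier in the authentication request, so changing IdP leaves the RP's identifier unchanged. It assumes OpenID 1.1-style `openid.server` / `openid.delegate` link tags, which the thread does not quote; the hostnames, sample pages and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode


class OpenIDLinks(HTMLParser):
    """Collect <link rel="openid.*" href="..."> tags from the user's own page."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        for rel in (attr.get("rel") or "").lower().split():
            if rel.startswith("openid.") and attr.get("href"):
                self.links.setdefault(rel, attr["href"])


def discover(user_url, html):
    """Return the identifier the RP keeps and the one it sends to the IdP."""
    parser = OpenIDLinks()
    parser.feed(html)
    if "openid.server" not in parser.links:
        raise ValueError("page names no IdP endpoint")
    return {
        "rp_identifier": user_url,  # what the RP stores for the account
        "idp_endpoint": parser.links["openid.server"],
        # Without a delegate link the user's URL is also the IdP identifier.
        "idp_identifier": parser.links.get("openid.delegate", user_url),
    }


def checkid_url(found, return_to):
    """Build the redirect to the IdP; only the IdP-side identifier is sent."""
    query = urlencode({
        "openid.mode": "checkid_setup",
        "openid.identity": found["idp_identifier"],
        "openid.return_to": return_to,
    })
    sep = "&" if "?" in found["idp_endpoint"] else "?"
    return found["idp_endpoint"] + sep + query


# Constructed sample pages: the same user URL before and after changing IdP.
USER_URL = "https://user.example/"
PAGE = ('<html><head><link rel="openid.server" href="https://{0}/server">'
        '<link rel="openid.delegate" href="https://user.{0}/"></head></html>')
BEFORE = discover(USER_URL, PAGE.format("idp-a.example"))
AFTER = discover(USER_URL, PAGE.format("idp-b.example"))
```

An RP that instead stored `idp_identifier` as the account key would lose the account mapping the moment the user edited the page to point at a different IdP.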