Terminology open issue #1: IdP vs OP
Dick Hardt
dick at sxip.com
Tue Nov 21 08:08:02 UTC 2006
I don't have any suggestions for improving #2-#4.
-- Dick
On 20-Nov-06, at 11:10 PM, Drummond Reed wrote:
> Dick, I have been torn on this one. I try not to change positions on an
> issue without good reason. Eve's explanation of the full SAML meaning of IdP
> was what swayed me.
>
> That said, my original argument was that OpenID Provider was clearly a
> "specialization" of Identity Provider that would be clearly recognizable to
> people familiar with the latter term, and I still believe that's true.
>
> Since the latest version of the pre-draft 11 spec uses the term OP, I
> updated the Terminology wiki page to use it, and changed the open issue to
> whether to switch back to IdP or not.
>
> On that I defer to the editors and the rest of the community.
>
> Opinions on the other terminology open issues?
>
> http://openid.net/wiki/index.php/Terminology
>
> =Drummond
>
> -----Original Message-----
> From: Dick Hardt [mailto:dick at sxip.com]
> Sent: Monday, November 20, 2006 9:10 PM
> To: Drummond Reed
> Cc: specs at openid.net
> Subject: Re: Terminology open issue #1: IdP vs OP
>
> Drummond, you have sold out! ;-)
>
> Your bias at http://openid.net/wiki/index.php/Terminology is showing at:
>
> IdP vs. OP
> It has been suggested that the specs use the term '''OpenID Provider
> (OP)''' instead of '''Identity Provider (IdP)'''. However this would
> diverge from the widely-accepted use of IdP in the SAML, Liberty, and
> CardSpace communities.
>
> Actually, CardSpace also uses Identity Selector and STS.
>
> IdP is a term in federation deployments. Given the user-centric
> architecture of OpenID, I think a different name is good, and *your*
> argument that the server is not providing any *identity* I think is
> still a great argument!
>
> -- Dick
>
>
> On 20-Nov-06, at 12:01 PM, Drummond Reed wrote:
>
>> To tear into the meat of the terminology open issues at
>> http://openid.net/wiki/index.php/Terminology, the first issue has already
>> received quite a bit of discussion: switching from Identity
>> Provider (IdP) to OpenID Provider (OP).
>>
>> I was originally a supporter of this change, because I had always
>> felt Identity Provider was somewhat of a misnomer, particularly
>> when it came to a system like OpenID where the IdP was generally
>> NOT the source of your identifier.
>>
>> However Eve Maler (co-chair of the OASIS SSTC that did SAML and
>> co-editor of the SAML Glossary) made this point in an earlier post:
>>
>> <quote>
>>
>> Just to be clear, "identity provider" in SAML isn't intended to
>> mean that this system entity is providing an identity to a digital
>> subject -- it means that this system entity is providing identity
>> information (specifically verification/authentication info) to a
>> relying party/service provider.
>>
>> From the SAML glossary (now in HTML...):
>>
>> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#IdentityProvider
>>
>> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#RelyingParty
>>
>> Often, but not always, a SAML authentication authority also serves
>> as an attribute authority:
>>
>> http://www.oasis-open.org/committees/download.php/21053/saml-glossary-2.0-os.html#AttributeAuthority
>>
>> <endquote>
>>
>> For this reason, I have reversed my position and now feel that it
>> would not benefit the OpenID community to use a different term than
>> that already well-established by SAML.
>>
>> -1 to making this change.
>>
>> =Drummond