[PROPOSAL] Separate Public Identifier from IdP Identifier
Recordon, David
drecordon at verisign.com
Thu Oct 5 22:36:05 UTC 2006

Conceptually I think I like this model. It does seem easier to
understand.

Other thoughts on this?

--David

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Martin Atkins
Sent: Wednesday, October 04, 2006 11:34 AM
To: specs at openid.net
Subject: [PROPOSAL] Separate Public Identifier from IdP Identifier

Currently the conceptual model is that each user has a "public" (that
is, presented to RPs) identifier, but can optionally create additional
identifiers which "delegate" to the real identifier. The delegate
functionality has several purposes, including:

* "Vanity" identifiers on personal domains while letting someone else
  do the hard work in running the IdP.
* Ability to switch IdPs without losing identity

However, experience has shown that the above model is often difficult to
grasp for those new to OpenID. This proposal is really just a set of
terminology changes and an alternative conceptual model that aim to make
the delegate functionality easier to understand. It does not change the
mechanism of delegation at all, though it does change the discovery
protocol.

I've placed the full proposal on the OpenID wiki:
<http://www.lifewiki.net/openid/SeparateIdentifierFromIdPToken>