Consolidated Delegate Proposal

Josh Hoyt josh at janrain.com
Tue Oct 10 18:58:24 UTC 2006


On 10/10/06, Dick Hardt <dick at sxip.com> wrote:
> My proposal was pretty much your proposal with a couple tweaks
> (sorry, I should have listed these to make it clearer)

> - the IdP can return a different identity than the one the RP sent over

I question whether this is something we want to encourage. I think
it's a separate issue from the delegation mechanism. If the user wants
to choose an identifier, he'll use IdP-driven selection instead of
entering an identifier. I don't feel strongly about this, but I do
feel strongly that this should be decoupled from the delegation
discussion.

> - since the delegate is only used by the IdP, the spec can be
> simplified (in fact, this can be out of band of the spec since it is
> a protocol between the user and the IdP, the RP is not involved)

This was exactly my original proposal:
"A request for a delegated identifier and a request for a non-delegated
identifier would be the same for the relying party, and the final,
verified identifier would always be included in the request/response."

Josh


