Consolidated Delegate Proposal
Dick Hardt
dick at sxip.com
Wed Oct 11 13:11:06 UTC 2006
+1
Well said, Chris.
On 10-Oct-06, at 11:22 PM, Chris Drake wrote:
>
> This is backwards: Users have already chosen the IdP whom they trust
> to look after their identity and privacy: and except for the unlikely
> double-blind scenarios, no user will want to hide RP info and usage
> from their own IdP.
>
> The privacy violations come into effect when the *RP* is given access
> to any more information than it strictly needs to know to accomplish
> its task.
>
> Might I suggest a fast-track approach to tabling the core requirements
> for OpenID 2.0 and bypassing the debate: let's just identify exactly
> what everyone wants to achieve, make sure the proposed protocol can
> support everything everyone wants to do - then leave it up to the RPs
> and IdPs as to which features they feel like supporting.
>
> Nobody knows in advance whether privacy or delegation or any other
> feature is going to succeed in the marketplace, so I feel it's better
> to accommodate it, then let the market decide.
>
> The bottom line is that we're spending months arguing over what will
> end up to be a few days' work and a couple of hundred lines of code.
>
> The only thing I want to see, which can then be used to accommodate
> privacy protection, is for RPs to accept an IdP-initiated login.
> It's none of the RP's business how my user selected their
> openid.identity for presentation to the RP.
>
> Chris.
>
>