Summarizing Where We're At
Josh Hoyt
josh at janrain.com
Tue Oct 17 21:30:54 UTC 2006
On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
> Well, authentication is optional in the spec, so perhaps we should
> pull that out and make it an extension?
> In order to just do attribute exchange, we have it so that the RP can
> decide NOT to request an identifier.
Honestly, I think that'd be a technically better decision, since an
identifier is really just an attribute. Ideally, there would be a data
exchange mechanism and then a discovery and verification mechanism
that are put together to do OpenID authentication. It's worth keeping
them together because the specification(s!) would be so much harder to
understand and motivate if they were separated.
Josh
More information about the specs
mailing list