Summarizing Where We're At

Dick Hardt dick at sxip.com
Tue Oct 17 21:55:02 UTC 2006


On 17-Oct-06, at 2:30 PM, Josh Hoyt wrote:

> On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
>> Well, authentication is optional in the spec, so perhaps we should
>> pull that out and make it an extension?
>> In order to just do attribute exchange, we have it so that the RP can
>> decide NOT to request an identifier.
>
> Honestly, I think that'd be a technically better decision, since an
> identifier is really just an attribute. Ideally, there would be a data
> exchange mechanism and then a discovery and verification mechanism
> that are put together to do OpenID authentication. It's worth keeping
> them together because the specification(s!) would be so much harder to
> understand and motivate if they were separated.

LOL

I guess the humour in my reponse did not come through ;-)

I was indirectly saying that your argument for auth_age to be an  
extension could as easily be applied to all of authentication being  
an extension.

-- Dick





More information about the specs mailing list