[VOTE] Portable Identifier Support Proposal (patch)

Dick Hardt dick at sxip.com
Mon Oct 23 04:51:17 UTC 2006


-1 for these reasons:

Complexity: There is no reason for the RP to be managing the binding  
between the IdP and the portable identifier. Both the IdP and the RP  
are verifying this. There is no extra security, and more things to go  
wrong in an implementation.

Privacy: There is no reason for the RP to know I am using a portable
identifier instead of one managed directly by the IdP.


I'm not sure we are all on the same page on requirements, so I will  
write up a little summary about that and some conclusions.

I know many of you wish this issue was over, but we do need to do
this one right.

-- Dick


On 20-Oct-06, at 10:33 PM, Recordon, David wrote:

> +1, though thinking we should define IdP-Specific Identifier and
> Portable Identifier in the terminology section.
>
> Thanks for doing this!
>
> --David
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Josh Hoyt
> Sent: Friday, October 20, 2006 7:31 PM
> To: specs at openid.net
> Subject: Portable Identifier Support Proposal (patch)
>
> As requested [1], I have made a patch to the specification [2] that
> specifies the "two-identifier" mechanism for portable identifier
> support. It's attached to this message. The net effect is adding one
> line to the source XML file.
>
> I hope this proves useful in evaluating the proposal.
>
> Josh
>
> 1. http://openid.net/pipermail/specs/2006-October/000478.html
> 2. http://openid.net/svn/listing.php?repname=specifications&rev=70&sc=1
>    (openid.net specifications svn trunk, revision 70)



