Yet Another Delegation Thread
Martin Atkins
mart at degeneration.co.uk
Wed Oct 25 19:32:15 UTC 2006
Pete Rowley wrote:
>
> Actually I think this is a consequence of using URLs as identifiers and
> wanting to use my site to host the portable identifiers - you're
> probably thinking separate domains per portable identifier or using some
> well known IdP. Each identifier can be correlated by inference in this
> case since they are on the same site. Non-correlatable identifiers would
> need to either be on separate sites or be hosted as a service and
> thereby taking advantage of the "lost in the crowd" effect.
>
This is true, but this is an implementation decision you can make for
yourself. If you want to make an identifier that has no links to any of
your other identifiers, there's no reason why you can't choose to use an
arbitrary IdP-issued identifier that has no connection with any others.
You lose the identifier portability, but this is a trade-off you must
make on your own.
More information about the specs
mailing list