Proposal: IdP-supported delegation
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Sep 5 17:52:37 UTC 2006
On Sep 4, 2006, at 20:09, Josh Hoyt wrote:
>>> * The user-entered identifier is disclosed to the IdP.
>
> I contend that this disclosure is not harmful, since the user must
> trust the IdP anyway.
It appears the same way to me. I'm just raising it on the list
according to the theory of "many eyeballs" ... and for privacy that's
important.
There's something else I don't understand though, and chances are
that I simply don't understand it, so your help is appreciated:
Your motivation for the proposal says it is "IdP-driven identifier
selection", which I understand as entering "mylid.net" or
"myopenid.com" as the identifier at the RP instead of
"someone.myopenid.com" or even "myvanitydomain.com". But that isn't
the protocol flow that you outline, because the delegate URL isn't
even known in that case. I'm confused ... how does this relate to
"IdP-driven identifier selection"?
Also: would there be an alternate way of solving the problem, without
protocol changes, by requiring the user to register
"myvanitydomain.com" with the IdP, from where the user could select
it if she so chose?
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
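The point raised in the message above (that when the user enters only the IdP's own URL there is no delegate URL to discover) is easiest to see by running OpenID 1.1-style link discovery on the two kinds of identifier page. The following is an added example, not code from the message or from the OpenID project; the HTML documents and host names in it are constructed placeholders, and the helper names (discover, claimed_vs_asserted) are this example's own. The relevant facts it relies on are the OpenID 1.1 link relations "openid.server" and "openid.delegate", and the rule that the identity sent to the IdP is the delegate when one is declared and the entered identifier otherwise.

```python
"""Added example (not part of the original message): OpenID 1.1-style
delegation discovery.

Given the HTML of the page that a user-entered identifier resolves to,
find the IdP endpoint (rel="openid.server") and the optional delegate
identifier (rel="openid.delegate").  The HTML below is constructed for
this example; idp.example and myvanitydomain.example are placeholders.
"""
from html.parser import HTMLParser
from typing import Optional, Tuple


class _LinkScanner(HTMLParser):
    """Collect <link rel=... href=...> tags that appear before <body>."""

    def __init__(self) -> None:
        super().__init__()
        self.links: dict = {}
        self._in_head = True  # stop scanning once the body starts

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self._in_head = False
        if tag != "link" or not self._in_head:
            return
        a = dict(attrs)
        rel, href = a.get("rel"), a.get("href")
        if rel and href:
            # rel may carry several space-separated tokens; keep the
            # first link seen for each relation, as discovery does.
            for r in rel.split():
                self.links.setdefault(r.lower(), href)


def discover(html: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (server_url, delegate_url); either may be None."""
    scanner = _LinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.links.get("openid.server"), scanner.links.get("openid.delegate")


def claimed_vs_asserted(entered: str, html: str) -> dict:
    """Show which identifier the RP verifies (the claimed one) and which
    identifier is sent to the IdP.  With a delegate link present, the IdP
    only ever sees the delegate; without one, the entered identifier
    itself is what goes to the IdP."""
    server, delegate = discover(html)
    if server is None:
        raise ValueError("no openid.server link: not an OpenID identifier page")
    return {
        "claimed": entered,
        "server": server,
        "identity": delegate if delegate is not None else entered,
        "delegated": delegate is not None,
    }


# Constructed sample: a vanity domain delegating to an IdP-hosted identifier.
VANITY_HTML = """<html><head>
<title>my page</title>
<link rel="openid.server" href="https://idp.example/server">
<link rel="openid.delegate" href="https://someone.idp.example/">
</head><body>hello</body></html>"""

# Constructed sample: the IdP's own front page, which names a server but
# no delegate, so there is nothing for an RP to substitute.
BARE_IDP_HTML = """<html><head>
<link rel="openid.server" href="https://idp.example/server">
</head><body>Sign in</body></html>"""


if __name__ == "__main__":
    print(claimed_vs_asserted("https://myvanitydomain.example/", VANITY_HTML))
    print(claimed_vs_asserted("https://idp.example/", BARE_IDP_HTML))
```

Running it on the second document shows the case the message is asking about: discovery of a bare IdP URL yields no delegate, so the only identity the RP can hand to the IdP is the IdP URL the user typed, which is not a per-user identifier at all.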