Requiring Pseudonymous Identifier
George Fletcher
gffletch at aol.com
Wed May 13 15:40:26 UTC 2009
+1 to using AX and the identity-less flow Andrew identified recently for
claims/attribute based access to web sites.
There are some 3rd-party asserted issues in regards to the validity of
the attribute value but that's a whole different discussion:)
Thanks,
George
Luke Shepard wrote:
> Agreed. If all you want is a group, then I’d think that the response
> would just not include an identifier.
>
> You could use an extension, perhaps AX, to request information about
> the group a user belongs to.
>
> For example, if you wanted to understand company membership, you could
> request and return only http://axschema.org/company/name.
>
> On 5/12/09 11:08 PM, "Martin Atkins" <mart at degeneration.co.uk> wrote:
>
> Chris Messina wrote:
> >
> > So, imagine I use directed identity in a school application...
> when I sign
> > in to the OP, it will return something like
> schoolname.edu/student as the
> > identifier.
> >
>
> Overloading our existing concept of an identifier to support
> identifying
> a group worries me. Most consumers expect an identifier to be for a
> person and are designed around this principle.
>
> I think if groups are useful their design should be different such
> that
> consumers are able to distinguish between a user and a group.
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
More information about the specs
mailing list