Building identity on top of OAuth 2.0?
John Kemp
john at jkemp.net
Thu May 20 15:00:56 UTC 2010
On May 20, 2010, at 10:54 AM, Ben Laurie wrote:
> > This is already relaxed by federation since the IdP has to assert the identity,
>
> The IdP (in most federated systems I've ever seen) is making an assertion that:
>
> i) It has verified, in some way, the identity of someone.
> ii) That this same "someone" has an account with the IdP
> and optionally, iii) That this same "someone" has recently supplied a shared secret indicating that he or she is "logged in" to his or her account at the IdP.
>
> None of those things is an assertion about "identity", per se.
>
> I'm not sure I'm really interested in this discussion,

By which, I suppose you must (roughly) agree with my statements ;)

> but I note you said "...verified the identity... " which sounds to me like it might have something to do with identity. Per se.

"Something to do with...", certainly. Not the same thing as "assert the identity".

Regards,

- johnk