If an RP only needs group membership and no individual identity, then why assert an identifier at all? Use OAuth or identity-less OpenID. I think it would seriously cloud OpenID's Identifiers if an AX attribute that may or may not be noticed or included significantly changes what the identifier's significant meaning is.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Wed, May 13, 2009 at 8:36 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Attributes like group membership belong in AX, not in the identifier.<br>
<br>
I suspect the idea is to have a pseudonymous identifier that discloses nothing about the person using it other than the fact that they can assert the same ID each time they return to prevent correlation.<br>
</blockquote>
<br></div>
To further prevent correlation, the OP may wish to support users in authenticating as members of a group - *in such a way* that individual users cannot be distinguished from one another. If not for that, RP's could correlate information over time, establishing theoretical profiles of the users.<br>
<br>
I think one compromise could be to use a traditional identifier, and then use AX to signal to the RP that the OP might vouch for more than one individual having that URI.<br>
<br>
-Shade<div><div></div><div class="h5"><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
</div></div></blockquote></div><br>