The CardSpace factor
George Fletcher
gffletch at aol.com
Fri Feb 16 21:47:26 UTC 2007
Actually, I don't think the issue is whether the card is self-asserted
or managed. The issue is how does the RP ask for a "public personal
identifier" when it activates Cardspace with a list of claims that it
needs. This claim could be self-asserted or managed, though in the case
of an OpenID I agree that it probably makes more sense for that to come
from a managed card.
Thanks,
George
Eric Norman wrote:
> On Feb 16, 2007, at 3:20 PM, Drummond Reed wrote:
>
>
>> George,
>>
>> If you're nominating "public personal identifier" as the name of a
>> proposed
>> CardSpace attribute for an OpenID URL or XRI representing an
>> individual on a
>> self-asserted card, I like it. It's a perfect counterpoint to the
>> current
>> "private personal identifier" claim, which is really for internal
>> CardSpace
>> use.
>>
>
> Instead of making an OpenID URL a self-asserted claim,
> there might be another possible avenue to explore.
>
> Set up CardSpace such that managed cards can be supplied
> by a user's OpenID server. The difference is that the
> user does the managing. That is, it's just a matter of
> whether the user does her self-asserting on a server of
> her choice or on some database on her desktop. In either
> case, the level of assurance is the same, isn't it?
>
> Eric Norman
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
>
More information about the user-experience
mailing list