Brings me to another major distinction that I didn't mention in my
last message to Chris. These discovery services and common cookies
were and are scoped to specific "circles of trust," or federations, or
other cohesive, and generally legally extant entities.

It seems http://xauth.org wants to be the central clearinghouse for
all social identity, much like Google's original CDS idea. I see
absolutely no provisions anywhere for support of e.g. the use of a
"third party XAuth provider". The Google CDS doc even suggests that
it will manage the whitelists.

On Apr 19, 2010, at 7:52 PM, Paul Madsen wrote:
And to clarify Chris's reference to Liberty Alliance, Liberty's
Discovery Service is more comparable to XRD - a service at which the
RP can query the user's various services and locations, (and in
Liberty, obtain security tokens for those discovered endpoints a la
WRAP & WS-Trust).

The Liberty DS did not track current authn sessions like XAuth. And
neither does/did SAML's Common Domain Cookie - it was meant to be a
history of past authn sessions (so slightly less timely info).
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs