Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread Martin Atkins
SitG Admin wrote: http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html I'd like to see the 4th draft of this include a URI level authentication property. I'd like to know whether the OP is asserting

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread SitG Admin
What's the use-case? If the RP doesn't care about distinguishing between users that have accounts at a site but identify themselves as such anonymously, it can reclassify them as users that have accounts at a site, consolidating what could be a large number of identities into a single

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread Paul Madsen
Hi Shade, AQE has long ago been deprecated in favour of PAPE paul SitG Admin wrote: http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html I'd like to see the 4th draft of this include a URI level

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread SitG Admin
Hi Shade, AQE has long ago been deprecated in favour of PAPE Hmm . . . looks like PAPE is more of *how* the user was authenticated than the *quality* of their authentication (the latter seemed appropriate for what quality of identity the RP should take the OP as asserting). Looking at the

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread SitG Admin
All of your use-cases here seem to be to do with the RP somehow discriminating against users that have a flag set. There's a new use-case type in my reply to Paul Madsen. By the way, I'm concerned about your phrasing there. By saying that the RP discriminates *against* such users, it implies

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread George Fletcher
SitG Admin wrote: I've quoted your entire message below my reply since you appear to have sent your message to me directly and not to the list ;) oops... sorry How would the OP know if the user it's authenticating is a member at the RP? Not a member at the RP, a member at the OP (or any

RE: This is user's URI for Assertion Quality Extension

2008-09-05 Thread SitG Admin
None of them were assumed by me; I don't consider the use-case to rely on any of them. 1) A directed identity URI creates a situation where the RP *doesn't know* whether it is a real URI or not. (This assumption has been hypothetically mitigated by an idea that occurred to me during this

RE: This is user's URI for Assertion Quality Extension

2008-09-05 Thread Drummond Reed
: This is user's URI for Assertion Quality Extension None of them were assumed by me; I don't consider the use-case to rely on any of them. 1) A directed identity URI creates a situation where the RP *doesn't know* whether it is a real URI or not. (This assumption has been hypothetically mitigated