On 10/6/06, Martin Atkins <[EMAIL PROTECTED]> wrote: > * The IdP returns a document naming its authentication endpoint (in the > "URI" field) and a special anonymous token as openid:Token. openid:Token > may be the same as the public identifier from the previous step, but > this is not required.
Anonymous is not a good thing to call this. What IdP-driven identifier selection does is let the IdP help the user choose an identifier. In no way is the response any more anonymous than an identifier that was typed in by the user. It is true that one of the motivations for this feature is the great improvement in the user experience for site-specific identifiers, but the IdP could just as well return a cross-site identifier for the user. Sorry to go on about terminology, but I think it's important for understanding what's really going on. Josh _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs