On 10/10/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
> I am really unclear on why do we need both openid.identity and
> openid.rpuserid?

RP user id is the identifier by which the relying party knows the user. "openid.identity" is the IdP user id. The IdP user id is the "delegate" if one is present, or the same as the RP user id if it is not. This is consistent with its current usage.

Having this field allows IdP-driven identifier selection to return an assertion that works with a delegated identifier, since the IdP can specify the RP user id that the user wants. It also allows the IdP to e.g. make persona selections based on the way that the user identified himself to the RP.

Does that help?

Josh

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
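
The relationship between the two fields described in the reply above, as an added example that is not part of the original message or of any OpenID library: a relying-party check that accepts an assertion only when `openid.identity` equals the delegate found for `openid.rpuserid` (or the RP user id itself when there is no delegate). The function names, the discovery table and all URLs are constructed for illustration, the endpoint comparison is an assumption about how an RP would apply these semantics, and the assertion's signature is assumed to have been verified already.

```python
# Constructed discovery results: RP user id -> (IdP endpoint, delegate or None).
DISCOVERY = {
    "https://alice.example/": ("https://idp.example/server",
                               "https://idp.example/users/alice"),
    "https://idp.example/users/bob": ("https://idp.example/server", None),
}


def idp_user_id(rp_user_id, delegate):
    """The IdP user id is the delegate if one is present, else the RP user id."""
    return delegate if delegate else rp_user_id


def check_assertion(fields, asserting_idp, requested_rp_user_id=None,
                    discover=DISCOVERY.get):
    """Return the RP user id to log in as, or raise ValueError.

    requested_rp_user_id is None when the IdP selected the identifier,
    so the RP only learns the RP user id from the assertion itself.
    """
    rp_user_id = fields.get("openid.rpuserid")
    identity = fields.get("openid.identity")
    if not rp_user_id or not identity:
        raise ValueError("assertion lacks openid.rpuserid or openid.identity")

    # If the user typed an identifier at the RP, the answer must be about it.
    if requested_rp_user_id is not None and rp_user_id != requested_rp_user_id:
        raise ValueError("assertion is for a different RP user id")

    # Discovery on the RP user id tells the RP which IdP and delegate to expect.
    found = discover(rp_user_id)
    if found is None:
        raise ValueError("no discovery information for RP user id")
    endpoint, delegate = found
    if endpoint != asserting_idp:
        raise ValueError("asserting IdP is not the one the RP user id names")

    # The IdP-local identifier must be the delegate, or the RP user id itself.
    if identity != idp_user_id(rp_user_id, delegate):
        raise ValueError("openid.identity does not match the expected IdP user id")
    return rp_user_id
```
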