On 10-Oct-06, at 10:23 AM, Josh Hoyt wrote:

> On 10/10/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
>> I am really unclear on why do we need both openid.identity and
>> openid.rpuserid?
>
> RP user id is the identifier by which the relying party knows the
> user.

This is the one that the user gave the RP?

> "openid.identity" is the IdP user id.

Where did this come from?

> The IdP user id is the
> "delegate" if one is present, or the same as the RP user id if it is
> not. This is consistent with its current usage.

I don't think the delegate needs to be moved. Please see

http://openid.net/pipermail/specs/2006-October/000310.html

> Having this field allows IdP-driven identifier selection to return an
> assertion that works with a delegated identifier, since the IdP can
> specify the RP user id that the user wants.
>
> It also allows the IdP to e.g. make persona selections based on the
> way that the user identified himself to the RP.

I think I am accomplishing all of that in my proposal, and I think it
is much simpler and easier to understand. But I might be missing some
capability.

-- Dick
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs