On 7-Nov-06, at 7:59 AM, John Kemp wrote:

> Dick Hardt wrote:
>>
>> On 6-Nov-06, at 11:46 AM, Recordon, David wrote:
>>
>>> I see both sides of this discussion.  I think John is correct that the
>>> role of an OP really is not that different than that of SAML's IdP.  The
>>> difference comes down to the trust model.  I certainly think reputation
>>> networks will exist which rate OPs, RPs, users, etc. and will ultimately
>>> be needed for technologies with "promiscuous trust models" to thrive
>>> in a large scale.
>>>
>>> I guess reading more of this is making me question if renaming IdP
>>> really is the best thing to do in OpenID.  I think if anything we all,
>>> as a larger community, should be working to bring OpenID and SAML closer
>>> together versus driving them further apart.
>>
>> I don't see this as driving SAML apart from OpenID. I see it as
>> differentiating OpenID as being user-centric vs federated. The IdP has
>> specific meaning in the federated world. A key differentiator with
>> OpenID is that trust is not needed between the OP and the RP. It is
>> implied and perhaps needed in the IdP / RP relationship.
>
> I don't believe that trust is a differentiator between SAML
> specifications and OpenID Authentication specifications.
>
> It is AFAICT, in both cases, simply out of scope.

I should have been more clear: IdP is a Federation term and implies
trust between the IdP and the RP. That is the definition that many
people have about an IdP. Since trust is NOT required between an OP
and an RP in OpenID, a different term helps clarify that important point.

>
> I would hope that whatever ends up being the actual technical definition
> of an OpenID Identity Provider (how about OIdP? ;) does not limit that
> entity to /only/ doing "untrusted" identity provision.

If the entity being an OP is ALSO making "trusted" statements about
the user, i.e. the RP does have a trust relationship, then the OP
entity has a different role at that time, which needs a different
name. Authoritative Party?

-- Dick
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
