+1 to using AX and the identity-less flow Andrew identified recently for claims/attribute based access to web sites.

There are some 3rd-party asserted issues with regard to the validity of the attribute value, but that's a whole different discussion :)

Thanks,
George

Luke Shepard wrote:
Agreed. If all you want is a group, then I’d think that the response would just not include an identifier.

You could use an extension, perhaps AX, to request information about the group a user belongs to.

For example, if you wanted to understand company membership, you could request and return only http://axschema.org/company/name.

On 5/12/09 11:08 PM, "Martin Atkins" <m...@degeneration.co.uk> wrote:

    Chris Messina wrote:
    >
    > So, imagine I use directed identity in a school application... when I sign
    > in to the OP, it will return something like schoolname.edu/student as the
    > identifier.
    >

    Overloading our existing concept of an identifier to support identifying
    a group worries me. Most consumers expect an identifier to be for a
    person and are designed around this principle.

    I think if groups are useful their design should be different such that
    consumers are able to distinguish between a user and a group.

    _______________________________________________
    specs mailing list
    specs@openid.net
    http://openid.net/mailman/listinfo/specs

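The flow discussed in this thread, as an added example that is not part of any poster's message: a relying party builds an OpenID 2.0 request with no identifier and an AX fetch for http://axschema.org/company/name, then accepts the returned value only when it is signed and comes from an OP it trusts for that attribute. The function names, the `trusted_ops` allowlist and the refusal of responses that carry an identifier are assumptions of this example; signature and nonce verification of the assertion is assumed to happen before `company_from_response` is called.

```python
from urllib.parse import urlencode, parse_qsl

OPENID2_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
COMPANY_NAME = "http://axschema.org/company/name"  # attribute named in the thread

def build_request(op_endpoint, return_to, realm):
    """Identifier-less checkid_setup: no claimed_id/identity, only an AX fetch."""
    return op_endpoint + "?" + urlencode({
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
        "openid.ax.type.company": COMPANY_NAME,
        "openid.ax.required": "company",
    })

def company_from_response(query, trusted_ops):
    """Return the asserted company name, or None when the response is unusable.
    Assumes the assertion signature and nonce were already verified."""
    p = dict(parse_qsl(query, keep_blank_values=True))
    if p.get("openid.mode") != "id_res":
        return None
    # Policy of this example: a group-only response must not carry a user identifier.
    if "openid.claimed_id" in p or "openid.identity" in p:
        return None
    # The value is only as good as the OP asserting it (hypothetical allowlist).
    if p.get("openid.op_endpoint") not in trusted_ops:
        return None
    signed = set(p.get("openid.signed", "").split(","))
    # The OP may pick its own aliases, so resolve them by URI, not by name.
    for k, ns in p.items():
        if not (k.startswith("openid.ns.") and ns == AX_NS):
            continue
        ax = k[len("openid.ns."):]
        if p.get(f"openid.{ax}.mode") != "fetch_response":
            continue
        for tk, uri in p.items():
            if tk.startswith(f"openid.{ax}.type.") and uri == COMPANY_NAME:
                alias = tk[len(f"openid.{ax}.type."):]
                need = {f"ns.{ax}", f"{ax}.type.{alias}", f"{ax}.value.{alias}"}
                if need <= signed:  # unsigned fields can be altered in transit
                    return p.get(f"openid.{ax}.value.{alias}")
    return None
```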