On Tue, 12 May 2009, Luke Shepard wrote:

Agreed. If all you want is a group, then I’d think that the response
would just not include an identifier.

You could use an extension, perhaps AX, to request information about the
group a user belongs to.

For example, if you wanted to understand company membership, you could
request and return only http://axschema.org/company/name.

FWIW, this is consistent with years of practice in many technical domains, including Kerberos and SAML.

 - RL "Bob"
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to