Attributes like group membership belong in AX, not in the identifier.
I suspect the idea is to have a pseudonymous identifier that discloses nothing about the person using it other than the fact that they can assert the same ID each time they return to prevent correlation.
This was one of Kim Cameron's laws of identity regarding minimal disclosure.
Info-card takes this approach with personal cards using a PPID + public key that allows a totally pseudonymous identity to be asserted.
I think Google is on the right track using AX to assert identity information like email but keeping the OpenID itself non-correlatable. It also leaves open a path for users moving between OPs if the important part of the assertion is not the URL itself.
I think users should have the option to use both correlatable and non-correlatable identities as appropriate, and wish more OPs supported it.
John Bradley

On 13-May-09, at 12:07 PM, specs-requ...@openid.net wrote:

> Date: Tue, 12 May 2009 23:13:01 -0700
> From: Luke Shepard <lshep...@facebook.com>
> Subject: Re: Requiring Pseudonymous Identifier
> To: Martin Atkins <m...@degeneration.co.uk>, OpenID Specs Mailing List <specs@openid.net>
> Message-ID: <c62fb2fd.bceb%lshep...@facebook.com>
>
> Agreed. If all you want is a group, then I'd think that the response would just not include an identifier.
>
> You could use an extension, perhaps AX, to request information about the group a user belongs to.
>
> For example, if you wanted to understand company membership, you could request and return only http://axschema.org/company/name.
>
> On 5/12/09 11:08 PM, "Martin Atkins" <m...@degeneration.co.uk> wrote:
>
>> Chris Messina wrote:
>>> So, imagine I use directed identity in a school application... when I signin to the OP, it will return something like schoolname.edu/student as the identifier.
>>
>> Overloading our existing concept of an identifier to support identifying a group worries me. Most consumers expect an identifier to be for a person and are designed around this principle.
>>
>> I think if groups are useful their design should be different such that consumers are able to distinguish between a user and a group.
>
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
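The split discussed in this thread, as an added example that is not part of any message above or of any OP's actual code: the identifier is a per-RP pseudonym that discloses nothing else, and the group attribute travels in AX, optionally with no identifier at all. The HMAC derivation, `op.example`, the RP realms, the account name and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions for this sketch (none of these come from the thread): the OP
# holds one secret and derives identifiers with HMAC-SHA256; op.example,
# the RP realms and the account names are constructed sample values.
OP_SECRET = b"constructed-demo-secret"
OP_BASE = "https://op.example/id/"
AX_NS = "http://openid.net/srv/ax/1.0"
COMPANY_NAME = "http://axschema.org/company/name"  # type URI named in the thread


def pairwise_identifier(account: str, rp_realm: str) -> str:
    """Same value each time the account returns to one RP, unlinkable across RPs."""
    # NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
    msg = account.encode() + b"\x00" + rp_realm.encode()
    return OP_BASE + hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def ax_fetch_request(alias: str, type_uri: str) -> dict:
    """AX 1.0 parameters an RP adds to ask for one attribute."""
    return {
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
        f"openid.ax.type.{alias}": type_uri,
        "openid.ax.required": alias,
    }


def positive_assertion(account, rp_realm, ax_values, with_identifier=True):
    """Fields of the OP's response that matter here (signing fields omitted)."""
    fields = {"openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_response"}
    for alias, (type_uri, value) in ax_values.items():
        fields[f"openid.ax.type.{alias}"] = type_uri
        fields[f"openid.ax.value.{alias}"] = value
    if with_identifier:
        # OpenID 2.0: claimed_id and identity are both present or both absent.
        ident = pairwise_identifier(account, rp_realm)
        fields["openid.claimed_id"] = fields["openid.identity"] = ident
    return fields


if __name__ == "__main__":
    ax = {"company": (COMPANY_NAME, "Example Corp")}
    for realm in ("https://rp-one.example/", "https://rp-two.example/"):
        print(realm, positive_assertion("alice", realm, ax)["openid.claimed_id"])
    print(positive_assertion("alice", "https://rp-one.example/", ax, with_identifier=False))
```

Two RPs comparing what they received can match on the company name but not on the identifier, and an RP that only needs the group can be answered without any identifier.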