Re: Social Web XG Extra Meeting Wed. Oct 6th (12:00 Boston/16:00 London) - Wrapping up Final Report Take 2

On Oct 7, 2010, at 12:55 PM, Harry Halpin wrote:

> Top-posting just to summarize:
>
> We separate profile providers (that provide attributes) from identity
> providers (that authenticate the identity of the person). Since saying
> "an identity provider is a service that *may* authenticate and *may*
> provide attributes" is a bit too vague, could we just say
>
> "An identity provider is a service that authenticates a person to a
> third-party."
>
> "A profile provider is a service that makes claims about a user by
> providing attributes to a third-party."
>
> And then note
>
> "Many, but not all, identity providers (Infocards, OpenID 2.0
> providers) make claims by providing attributes and so also function as
> profile providers in some sense."
>

Infocards are not an identity provider.
They are an identity selector tool & protocol.

The basic architecture supports the user choosing claims to a relying  
party website via the metaphor of "cards".

The IMI (Identity Metasystem Interoperability) protocol at OASIS is  
where this is defined.

InfoCards support the user making claims including "I am this
particular user who visited this site last time and this is my
identifier" but also support making claims like "I am over 18"
without revealing a date or particular identifiers.

OpenID is about an identifier (URL) that the user authenticates
against and may, with AX (attribute exchange), also pass profile
information.


> That I think covers all the bases. Whaddya think?
>
>    cheers,
>         harry
>
>
>
>
> On Thu, Oct 7, 2010 at 9:30 AM, Kaliya <kaliya@mac.com> wrote:
>>
>> On Oct 7, 2010, at 8:02 AM, Harry Halpin wrote:
>>
>>> On Thu, Oct 7, 2010 at 8:00 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>>>
>>>> Defining an identity provider to authenticate the user limits
>>>>
>>>>
>>>> On 2010-10-06, at 9:24 AM, Harry Halpin wrote:
>>>>>
>>>>>
>>>>> An identity provider is a service (e.g. an OpenID identity provider)
>>>>> that authenticates a person and provides a set of attributes about a
>>>>> person to a third-party.
>>>>>
>>>>> Note the addition of *authenticates* and being explicit about a
>>>>> third-party. That OK?
>>>>>
>>>>
>>>> Saw this phrase and potentially jumping in out of context.
>>>>
>>>> Requiring the IdP to authenticate the user restricts a class of IdP's
>>>> that may be making only a claim about the user, but not
>>>> authenticating them.
>>>
>>> How about "may" authenticate? Then we cover both bases.
>>>
>>> We focus mostly on authentication, keeping attributes and claims kinda
>>> under the "profile" term, but yes, good point.
>>
>> Not all authentications move attributes.
>>
>>>
>>>>
>>>> -- Dick
>>>
>>
>>

Received on Thursday, 7 October 2010 12:09:37 UTC