- From: Paul Trevithick <ptrevithick@gmail.com>
- Date: Thu, 7 Oct 2010 08:28:41 -0400
- To: Harry Halpin <hhalpin@ibiblio.org>
- Cc: Kaliya <kaliya@mac.com>, Dick Hardt <dick.hardt@gmail.com>, Mischa Tuffield <mischa.tuffield@garlik.com>, "public-xg-socialweb@w3.org" <public-xg-socialweb@w3.org>

On Oct 7, 2010, at 7:55 AM, Harry Halpin wrote:

> Top-posting just to summarize:
>
> We separate profile providers (that provide attributes) from identity
> providers (that authenticate the identity of the person). Since saying
> "an identity provider is a service that *may* authenticate and *may*
> provide attributes" is a bit too vague, could we just say
>
> "An identity provider is a service that authenticates a person to a
> third-party."
>
> "A profile provider is a service that makes claims about a user by
> providing attributes to a third-party."
>
> And then note
>
> "Many, but not all, identity providers (Infocards, OpenID 2.0
> providers) make claims by providing attributes and so also function as
> profile providers in some sense."
>
> That I think covers all the bases. Whaddya think?

Sorry, but that's not quite right. Because ALL IdPs make claims. I'll let you wordsmith, but here are the facts:

1) A claim is an attribute/value(s) made by an IdP
2) Some claims are identifier claims
3) All IdPs make at least one claim about the user.
4) Some IdPs make multiple claims
5) Some IdPs authenticate the user. [Dick's point]

Examples:

* All OpenID IdPs (aka OPs) make at least an identifier claim about the user (usually a global identifier). Some OpenID IdPs support AX (attribute exchange) and provide additional claims.
* Infocard IdPs make sets of claims about the user. Usually this claim set does not include a global identifier, it includes a unique identifier generated uniquely for the user-RP relationship.

Received on Thursday, 7 October 2010 12:29:19 UTC