Re: Social Web XG Extra Meeting Wed. Oct 6th (12:00 Boston/16:00 London) - Wrapping up Final Report Take 2

Top-posting just to summarize:

We separate profile providers (that provide attributes) from identity
providers (that authenticate the identity of the person). Since saying
"an identity provider is a service that *may* authenticate and *may*
provide attributes" is a bit too vague, could we just say

"An identity provider is a service that authenticates a person to a
third-party."

"A profile provider is a service that makes claims about a user by
providing attributes to a third-party."

And then note

"Many, but not all, identity providers (Infocards, OpenID 2.0
providers) make claims by providing attributes and so also function as
profile providers in some sense."

That I think covers all the bases. Whaddya think?

    cheers,
         harry




On Thu, Oct 7, 2010 at 9:30 AM, Kaliya <kaliya@mac.com> wrote:
>
> On Oct 7, 2010, at 8:02 AM, Harry Halpin wrote:
>
>> On Thu, Oct 7, 2010 at 8:00 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>>
>>> Defining an identity provider to authenticate the user limits
>>>
>>>
>>> On 2010-10-06, at 9:24 AM, Harry Halpin wrote:
>>>>
>>>>
>>>> An identity provider is a service (e.g. an OpenID identity provider)
>>>> that authenticates a person and provides a set of attributes about a
>>>> person to a third-party.
>>>>
>>>> Note the addition of *authenticates* and being explicit about a
>>>> third-party. That OK?
>>>>
>>>
>>> Saw this phrase and potentially jumping in out of context.
>>>
>>> Requiring the IdP to authenticate the user restricts a class of IdPs
>>> that may be making only a claim about the user, but not authenticating them.
>>
>> How about "may" authenticate? Then we cover both bases.
>>
>> We focus mostly on authentication, keeping attributes and claims kinda
>> under the "profile" term, but yes, good point.
>
> Not all authentications move attributes.
>
>>
>>>
>>> -- Dick
>>
>
>

Received on Thursday, 7 October 2010 11:55:48 UTC