- From: Kaliya <kaliya@mac.com>
- Date: Thu, 07 Oct 2010 13:07:50 +0100
- To: Harry Halpin <hhalpin@ibiblio.org>
- Cc: Dick Hardt <dick.hardt@gmail.com>, Mischa Tuffield <mischa.tuffield@garlik.com>, Paul Trevithick <ptrevithick@gmail.com>, public-xg-socialweb@w3.org
On Oct 7, 2010, at 12:55 PM, Harry Halpin wrote:

> Top-posting just to summarize:
>
> We separate profile providers (that provide attributes) from identity
> providers (that authenticate the identity of the person). Since saying
> "an identity provider is a service that *may* authenticate and *may*
> provide attributes" is a bit too vague, could we just say
>
> "An identity provider is a service that authenticates a person to a
> third-party."
>
> "A profile provider is a service that makes claims about a user by
> providing attributes to a third-party."
>
> And then note
>
> "Many, but not all, identity providers (Infocards, OpenID 2.0
> providers) make claims by providing attributes and so also function as
> profile providers in some sense."
>

Infocards are not an identity provider. They are an identity selector tool & protocol. The basic architecture supports the user choosing claims to a relying party website via the metaphor of "cards". The IMI (Identity Metasystem Interoperability) protocol at OASIS is where this is defined.

InfoCards support the user making claims including "I am this particular user who visited this site last time and this is my identifier" but also support making claims like "I am over 18" without revealing a date or particular identifiers.

OpenID is about an identifier (URL) that the user authenticates against and may with AX (attribute exchange) also pass profile information.

> That I think covers all the bases. Whaddya think?
>
> cheers,
> harry
>
> On Thu, Oct 7, 2010 at 9:30 AM, Kaliya <kaliya@mac.com> wrote:
>>
>> On Oct 7, 2010, at 8:02 AM, Harry Halpin wrote:
>>
>>> On Thu, Oct 7, 2010 at 8:00 AM, Dick Hardt <dick.hardt@gmail.com> wrote:
>>>>
>>>> Defining an identity provider to authenticate the user limits
>>>>
>>>> On 2010-10-06, at 9:24 AM, Harry Halpin wrote:
>>>>>
>>>>> An identity provider is a service (e.g. an OpenID identity provider)
>>>>> that authenticates a person and provides a set of attributes about a
>>>>> person to a third-party.
>>>>>
>>>>> Note that add of *authenticates* and being explicit about a
>>>>> third-party. That OK?
>>>>>
>>>>
>>>> Saw this phrase and potentially jumping in out of context.
>>>>
>>>> Requiring the IdP to authenticate the user restricts a class of IdP's
>>>> that may be making only a claim about the user, but not
>>>> authenticating them.
>>>
>>> How about "may" authenticate? Then we cover both bases.
>>>
>>> We focus mostly on authentication, keeping attributes and claims kinda
>>> under the "profile" term, but yes, good point.
>>
>> Not all authentications move attributes.
>>
>>>>
>>>> -- Dick

Received on Thursday, 7 October 2010 12:09:37 UTC