- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Thu, 7 Oct 2010 14:34:30 +0200
- To: Paul Trevithick <ptrevithick@gmail.com>
- Cc: Kaliya <kaliya@mac.com>, Dick Hardt <dick.hardt@gmail.com>, Mischa Tuffield <mischa.tuffield@garlik.com>, "public-xg-socialweb@w3.org" <public-xg-socialweb@w3.org>
On Thu, Oct 7, 2010 at 2:28 PM, Paul Trevithick <ptrevithick@gmail.com> wrote:
>
> On Oct 7, 2010, at 7:55 AM, Harry Halpin wrote:
>
>> Top-posting just to summarize:
>>
>> We separate profile providers (that provide attributes) from identity
>> providers (that authenticate the identity of the person). Since saying
>> "an identity provider is a service that *may* authenticate and *may*
>> provide attributes" is a bit too vague, could we just say
>>
>> "An identity provider is a service that authenticates a person to a
>> third-party."
>>
>> "A profile provider is a service that makes claims about a user by
>> providing attributes to a third-party."
>>
>> And then note
>>
>> "Many, but not all, identity providers (Infocards, OpenID 2.0
>> providers) make claims by providing attributes and so also function as
>> profile providers in some sense."
>>
>> That I think covers all the bases. Whaddya think?
>
> Sorry, but that's not quite right. Because ALL IdPs make claims.
>
> I'll let you wordsmith, but here are the facts:
>
> 1) A claim is an attribute/value(s) made by an IdP
> 2) Some claims are identifier claims
> 3) All IdPs make at least one claim about the user.
> 4) Some IdPs make multiple claims
> 5) Some IdPs authenticate the user. [Dick's point]

We can just ditch this "profile provider" term then as it seems redundant. But we want to remain studiously neutral to data formats for attributes :)

"Identity providers make claims (at least one) by providing attributes and so also function as providers of profile attributes, and may or may not authenticate the identity of a user. One of the most important parts of any profile claim is the identifier (a URI, including an e-mail address) for a user, although making claims may not always reveal that identifier."

> Examples:
> * All OpenID IdPs (aka OPs) make at least an identifier claim about the user (usually a global identifier). Some OpenID IdPs support AX (attribute exchange) and provide additional claims.
> * Infocard IdPs make sets of claims about the user. Usually this claim set does not include a global identifier, it includes a unique identifier generated uniquely for the user-RP relationship.
Received on Thursday, 7 October 2010 12:35:02 UTC