22 novembre 2019

OpenID Is Not a Provisioning Engine

By Stephen Downes - Stephen's Web. OpenID Is Not a Provisioning Engine
Having a single login ID is one thing. Having attributes - such as an email address, or list of friends - that you transfer from one site to another is quite another. I have always thought that it would simply be a FOAF file derived from the login ID - that's one of the reasons why I made them URLs, and not, say, unique identifiers. If a user logged in as 'downes.livejournal.com' then their attributes should be found in 'downes.livejournal.com/foaf.xml'. But OpenID does it as a request-response style interaction. That's way too much overhead for something so simple. I think that the reason this hasn't prevailed is that people want to control who gets what attribute. My response to this is: have different identities. That's why mIDm proposed to put them in a dropdown list in the browser. More...

Posté par : pcassuto à - - Permalien [#]