John Merrells wrote:


DIX-ers,

Here's an individual submission of a draft specification of a 'Digital Identity eXchange' protocol.

The draft identifies the user via a persona url, and there is a parameter in the fetch request that may request the persona url (and another which requests multiple persona urls). To clarify, the intention is that after/during homesite user authentication the persona-url is resolved for the homesite, i.e. that the user chooses the persona-url at some point or alternatively it is chosen for them by the homesite based on their local credentials. To clarify further - it is not a requirement that this persona-url be resolvable in any meaningful sense other than as an arbitrary identifier.

Also, what responsibilities does the homesite have for the validity of the information supplied? Should it only return information from a trusted source or is it acceptable to ask the user for data it doesn't know about? Should this be a protocol level decision? Assuming some level of trust has been established between the homesite and the membersite it might be useful to be able to specify this on an individual attribute basis. Or maybe I am way off base here, and the intent is that the homesite gives what it can and it is up to the homesite to get the rest, possibly resulting in a store-request?

--

Pete

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix