Hi Shade,
you're right describing the new drawbacks raised from the need of trust. I'm
proposing to move AX profile from a decentralized model where no trust is
needed to a "federated model" where trust relations exist between parties
(OPs and SPs).
With the current OpenId auth OPs' responsibilit
Score is not about the OP it's about the method used to gather the
attributes itself.
Which is good if you trust the OP to score itself.
In my opinion, and to keep things easy, trust should be binary I
[trust|don't trust] this OP.
For you as a Relying Party this seems workable; but since you
Hi Shade,
thanks for your response. Maybe I explained myself wrong about scores, I'll
try to do it better this time .
Score is not about the OP it's about the method used to gather the
attributes itself. For example name recovered from authentication
certificate issued by a trusted certification a
Hi Allen,
Validates looks fine! . I will make an in-depth study.
The third option you propose looks fine too and the more straightforward in
some cases : If you've a doubt just ask the issuer.
It would work fine on some schemas. For example. If you're verifying user's
name or dob and user is pro
Hi David,
There has been a lot of discussion about adding Attribute Metadata to AX
2.0, and this is within the charter of the proposed AX 2.0 Working Group.
http://wiki.openid.net/OpenID_Attribute_Exchange_Extension_2_0
One of the primary use cases driving this is to enable an OP to describe
In Openid attributes are alegated, so you don't have to trust the OP
because there's nothing to trust on. Dealing with certified
attributes create a problem : how could I, as a relying party, know
that this OP works fine and if it says "level 4" all criteria to
consider were done the right way.
My company is starting a new Identity Management Service and we want to
built it's AX interface over OpenId AX profile.
I'll introduce myself at the very beginning. My name is Dave Garcia and I'm
working in a startup named Tractis in Spain. We have been offering online
contracts using digital sign