Dick Hardt wrote:
>
> On 6-Nov-06, at 11:46 AM, Recordon, David wrote:
>
>> I see both sides of this discussion. I think John is correct that the
>> role of an OP really is not that different than that of SAML's IdP. The
>> difference comes down to the trust model. I certainly think reputation
>> networks will exist which rate OPs, RPs, users, etc and will ultimately
>> be needed for technologies with "promiscuous trust models" to thrive
>> in a large scale.
>>
>> I guess reading more of this is making me question if renaming IdP
>> really is the best thing to do in OpenID. I think if anything we all,
>> as a larger community, should be working to bring OpenID and SAML closer
>> together versus driving them further apart.
>
> I don't see this as driving SAML apart from OpenID. I see it as
> differentiating OpenID as being user-centric vs federated. The IdP has
> specific meaning in the federated world. A key differentiator with
> OpenID is that trust is not needed between the OP and the RP. It is
> implied and perhaps needed in the IdP / RP relationship.

I don't believe that trust is a differentiator between SAML specifications and OpenID Authentication specifications. It is AFAICT, in both cases, simply out of scope.

I would hope that whatever ends up being the actual technical definition of an OpenID Identity Provider (how about OIdP? ;) does not limit that entity to /only/ doing "untrusted" identity provision.

Regards,
- John

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs