+1 to using AX and the identity-less flow Andrew identified recently for
claims/attribute based access to web sites.
There are some 3rd-party asserted issues in regards to the validity of
the attribute value but that's a whole different discussion:)
Thanks,
George
Luke Shepard wrote:
Agreed. If all you want is a group, then I’d think that the response
would just not include an identifier.
You could use an extension, perhaps AX, to request information about
the group a user belongs to.
For example, if you wanted to understand company membership, you could
request and return only http://axschema.org/company/name.
On 5/12/09 11:08 PM, "Martin Atkins" <m...@degeneration.co.uk> wrote:
Chris Messina wrote:
>
> So, imagine I use directed identity in a school application...
when I sign
> in to the OP, it will return something like
schoolname.edu/student as the
> identifier.
>
Overloading our existing concept of an identifier to support
identifying
a group worries me. Most consumers expect an identifier to be for a
person and are designed around this principle.
I think if groups are useful their design should be different such
that
consumers are able to distinguish between a user and a group.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
------------------------------------------------------------------------
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
