OpenID Is Not a Provisioning Engine

Will Norris, Weblog, Nov 01, 2007
Commentary by Stephen Downes

Having a single login ID is one thing. Having attributes - such as an email address, or list of friends - that you transfer from one site to another is quite another. I have always thought that it would simply be a FOAF file derived from the login ID - that's one of the reasons why I made them URLs, and not, say, unique identifiers. If a user logged in as 'downes.livejournal.com' then their attributes should be found in 'downes.livejournal.com/foaf.xml'. But OpenID does it as a request-response style interaction. That's way too much overhead for something so simple. I think that the reason this hasn't prevailed is that people want to control who gets what attribute. My response to this is: have different identities. That's why mIDm proposed to put them in a dropdown list in the browser. This is - eventually - where we'll end up. Unless the large companies pull a Microsoft and create an obfuscated system nobody can write code for.
Views: 0 today, 101 total (since January 1, 2017).[Direct Link]