> Quite. Or you end up forcing them to use a particular OpenID
> Provider, which kind of defeats the point of OpenID.
But...
Whatever technology we adopt, we need some kind of formalised, managed
'federation' - a set of rules for taking part. Agreed?
Wouldn't an OpenID Federation, in which one of the roles of the
federation managing agent would be to maintain a whitelist of OpenID
providers that are 'within' the federation (and that can therefore be
trusted by everyone else in the federation) make sense?
Not quite the fully de-centralised world of mainstream OpenID I agree -
but a step towards the integration of things that are 'inside' and
'outside' the education community?
Andy
--
Head of Development, Eduserv Foundation
http://www.eduserv.org.uk/foundation/
http://efoundations.typepad.com/
[log in to unmask]
+44 (0)1225 474319
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Fiona Culloch
> Sent: 10 December 2008 13:59
> To: [log in to unmask]
> Subject: Re: JISC OpenID Report
>
> Jon Warbrick wrote:
>
> > ... and you (as a service operator) have to decide if you
> are willing
> > to trust each user's chosen OpenID identity provider,
> something which
> > in general you are not in a position to do.
>
> Quite. Or you end up forcing them to use a particular OpenID
> Provider, which kind of defeats the point of OpenID.
>
> Fiona.
>
|