Comments on: OpenID provider wish-list http://willnorris.com/2007/03/openid-provider-wish-list managing identity Fri, 21 Nov 2008 21:13:53 +0000 hourly 1 By: hCard is not a provisioning engine (for private data) http://willnorris.com/2007/03/openid-provider-wish-list#comment-14658 hCard is not a provisioning engine (for private data) Mon, 05 Nov 2007 23:30:17 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-14658 <p>[...] to provide to a relying party, but do not want to publish in my public hCard. As I included in my OpenID provider wish-list, OpenID providers will need to provide the tools to manage the policies controlling this release of [...]</p> […] to provide to a relying party, but do not want to publish in my public hCard. As I included in my OpenID provider wish-list, OpenID providers will need to provide the tools to manage the policies controlling this release of […]

]]> By: Philip Malan http://willnorris.com/2007/03/openid-provider-wish-list#comment-1442 Philip Malan Sun, 11 Mar 2007 09:17:07 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-1442 <p>Will,</p> <p>An excellent list. I see you mentioned iamdentity here as well. I'm one of the main developers of the iamdentity solution. We want to create a centralised identity management solution where you can control all your online identities.</p> <p>OpenID is part of this and we want to expand on this as well. At the moment we include:</p> <ol> <li><p>Strong Authentication - We have a one-time key sent to the user. We have just agreed a partnership deal with a key-token provider. Soon users will have the option to use a key-token as a strong authentication method as well.</p></li> <li><p>Attribute Release Properties - You control what is released to the website</p></li> <li><p>Identity Linking - You can link all your OpenIDs to your profile and manage it from there as well.</p></li> </ol> <p>We are thinking of implementing the Audit Trail for OpenID as well (we have it for our normal iamdentity solution).</p> <p>As we are creating a solution for the internet community, we work with the internet community. Let me know what you want to see in the iamdentity profile manager.</p> Will,

An excellent list. I see you mentioned iamdentity here as well. I’m one of the main developers of the iamdentity solution. We want to create a centralised identity management solution where you can control all your online identities.

OpenID is part of this and we want to expand on this as well. At the moment we include:

  1. Strong Authentication - We have a one-time key sent to the user. We have just agreed a partnership deal with a key-token provider. Soon users will have the option to use a key-token as a strong authentication method as well.

  2. Attribute Release Properties - You control what is released to the website

  3. Identity Linking - You can link all your OpenIDs to your profile and manage it from there as well.

We are thinking of implementing the Audit Trail for OpenID as well (we have it for our normal iamdentity solution).

As we are creating a solution for the internet community, we work with the internet community. Let me know what you want to see in the iamdentity profile manager.

]]> By: Will Norris http://willnorris.com/2007/03/openid-provider-wish-list#comment-1427 Will Norris Sat, 10 Mar 2007 01:32:32 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-1427 <p>[quote comment="1425"]If the user regards the IDs as equivalent, then it is superfluous to ask the implementation to understand them as equivalent, too.[/quote]</p> <p>The primary use case I'm thinking about is voluntary identity aggregation. There is certainly a case for an individual desiring to have multiple IDs and keep them separate, and that is easy enough to do today. However, what if I have multiple IDs (perhaps one for work and one for personal use) but I <i>want</i> people to know that they belong to the same person? There's no good way to do that right now.</p> <p>Interestingly, Martin Atkins also <a href="http://apparentlymart.livejournal.com/6600.html">wrote</a> about a similar topic today, as did <a href="http://www.notsorelevant.com/2007-03-04/problem-of-multiple-openid-accounts/">Carsten Pötter</a> last week.</p> <p>[quote comment="1426"]As for identity linking, Mark Wahl recently proposed to make the OP act as a proxy for multiple OpenID identities. Is that something you'd like your provider to do?[/quote]It sounds like Mark was talking a bit about attribute aggregation as well, unless I read it wrong. Proxying identities I might be okay with, but when it comes to attributes I get a bit more paranoid. I'm not sure I want my primary OP knowing what kind of attributes my bank or doctor's office might be asserting about me.</p>

http://willis.myopenid.com/ wrote:

If the user regards the IDs as equivalent, then it is superfluous to ask the implementation to understand them as equivalent, too.

The primary use case I’m thinking about is voluntary identity aggregation. There is certainly a case for an individual desiring to have multiple IDs and keep them separate, and that is easy enough to do today. However, what if I have multiple IDs (perhaps one for work and one for personal use) but I want people to know that they belong to the same person? There’s no good way to do that right now.

Interestingly, Martin Atkins also wrote about a similar topic today, as did Carsten Pötter last week.

Dmitry Shechtman wrote:

As for identity linking, Mark Wahl recently proposed to make the OP act as a proxy for multiple OpenID identities. Is that something you’d like your provider to do?

It sounds like Mark was talking a bit about attribute aggregation as well, unless I read it wrong. Proxying identities I might be okay with, but when it comes to attributes I get a bit more paranoid. I’m not sure I want my primary OP knowing what kind of attributes my bank or doctor’s office might be asserting about me.

]]> By: Dmitry Shechtman http://willnorris.com/2007/03/openid-provider-wish-list#comment-1426 Dmitry Shechtman Sat, 10 Mar 2007 00:43:09 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-1426 <p>Indeed, well said. As for identity linking, Mark Wahl recently proposed to make the OP act as a proxy for multiple OpenID identities. Is that something you'd like your provider to do?</p> Indeed, well said. As for identity linking, Mark Wahl recently proposed to make the OP act as a proxy for multiple OpenID identities. Is that something you’d like your provider to do?

]]> By: http://willis.myopenid.com/ http://willnorris.com/2007/03/openid-provider-wish-list#comment-1425 http://willis.myopenid.com/ Fri, 09 Mar 2007 17:06:00 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-1425 <p>Excellent list. I'm not sure I understand what you mean by the Identity Linking item, though. Doesn't the decision to regard multiple IDs as equivalent short out the need for those IDs? I'm talking conceptually here, not just in OpenID. If the user regards the IDs as equivalent, then it is superfluous to ask the implementation to understand them as equivalent, too. The user can act as any of them, with the same outcome. Human third parties would have something to gain by perceiving the equivalence, but again this is not something that the identity service needs to (or could) understand as well.</p> Excellent list. I’m not sure I understand what you mean by the Identity Linking item, though. Doesn’t the decision to regard multiple IDs as equivalent short out the need for those IDs? I’m talking conceptually here, not just in OpenID. If the user regards the IDs as equivalent, then it is superfluous to ask the implementation to understand them as equivalent, too. The user can act as any of them, with the same outcome. Human third parties would have something to gain by perceiving the equivalence, but again this is not something that the identity service needs to (or could) understand as well.

]]> By: 针对OpenID服务商的希望 » OpenID Planet http://willnorris.com/2007/03/openid-provider-wish-list#comment-1414 针对OpenID服务商的希望 » OpenID Planet Thu, 08 Mar 2007 14:21:57 +0000 http://willnorris.com/2007/03/openid-provider-wish-list#comment-1414 <p>[...] 在OpenID应用网站等级划分一文里面谈到的是针对OpenID应用网站的等级划分,其实也就是对应用网站的一个希望列表。willnorris.com在文章OpenID provider wish-list中提到了作为一个OpenID用户对服务商的希望。一个理想中的OpenID服务商该是怎样的呢,作者提出了以下几个看法。 1、SSL安全保障 2、对用户的有效的身份鉴别认证 3、对应用网站的审查机制 4、对个人资料显示内容的选择 5、能在验证过程中对当前网站认证修改个人资料信息 6、多帐户协和 [...]</p> […] 在OpenID应用网站等级划分一文里面谈到的是针对OpenID应用网站的等级划分,其实也就是对应用网站的一个希望列表。willnorris.com在文章OpenID provider wish-list中提到了作为一个OpenID用户对服务商的希望。一个理想中的OpenID服务商该是怎样的呢,作者提出了以下几个看法。 1、SSL安全保障 2、对用户的有效的身份鉴别认证 3、对应用网站的审查机制 4、对个人资料显示内容的选择 5、能在验证过程中对当前网站认证修改个人资料信息 6、多帐户协和 […]

]]>