Reading through the proposed topics for IIW2008a, I noticed that George Fletcher blogged about something that I want too.
Though calling it Identity Metasystem Markup Language seems a little too big, I think.
Anyway, I posted something similar to the osis-general mailing list on May 2nd.
Using <link rel="metadata" ...> to indicate what the RP wants is a good idea, I think. This is very simple and very much simpler than embedded objects.
What I like most about this idea is that we might get rid of any RP login form etc. altogether. If the browser/UA/client notices this new "link" then it can display a dialog or whatever to the user and there is no need for RP-generated login forms. This way we have a unified user experience at the user's choice.
What we need next: Do the same with privacy statements. There should be a "link" to the privacy statement of the RP (maybe this is part of the metadata already?). The privacy statement should be kind of machine-readable too. I want the browser to be able to help the user to make the right decision here. Well, we need much more but this might be a start.
----
This topic is related to "identity selector advertising"... The selector should/could advertise to the RP that it understands how to handle "link metadata", and then the RP could avoid sending <object type="application/x-informationcard" ..> because it now knows that the id selector will offer the user the option to send his claims.
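
The client-side discovery described above, as an added example that is not part of the original post or of any identity selector's code: it looks for the link rel="metadata" element, falls back to the information card object, and otherwise leaves the RP's own login form in place. The names discoverLogin and parseAttrs, the sample pages, and the rule that an https page must not point at non-https metadata are assumptions made for this sketch.

```javascript
const CARD_TYPE = "application/x-informationcard"; // object type named in the post

// Parse one start tag's attributes into a map keyed by lower-cased name.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<\w+/, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of body.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  return attrs;
}

// Hypothetical helper: decide how a client starts login for the page at pageUrl.
// Regex scanning keeps the sketch dependency-free; a browser would walk the DOM.
function discoverLogin(html, pageUrl) {
  let metadataUrl = null, hasCardObject = false;
  for (const [tag, name] of html.matchAll(/<(link|object)\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    if (name.toLowerCase() === "object") {
      if ((a.type || "").toLowerCase() === CARD_TYPE) hasCardObject = true;
      continue;
    }
    // rel is a space-separated, case-insensitive token list.
    const rels = (a.rel || "").toLowerCase().split(/\s+/);
    if (metadataUrl || !a.href || !rels.includes("metadata")) continue;
    let url;
    try { url = new URL(a.href, pageUrl); } catch { continue; } // skip malformed href
    // Assumed policy (not in the post): an https page must not point at non-https metadata.
    const downgrade = new URL(pageUrl).protocol === "https:" && url.protocol !== "https:";
    if (!downgrade) metadataUrl = url.href;
  }
  if (metadataUrl) return { mode: "link-metadata", metadataUrl };
  if (hasCardObject) return { mode: "embedded-object", metadataUrl: null };
  return { mode: "rp-login-form", metadataUrl: null };
}

// Constructed sample pages (rp.example is a placeholder host).
const SAMPLE_LINK = '<head><link rel="Metadata" href="/rp-metadata.xml"></head>';
const SAMPLE_OBJECT = '<form><object type="application/x-informationcard" name="xmlToken"></object></form>';
const SAMPLE_DOWNGRADE = '<link rel=metadata href="http://rp.example/rp-metadata.xml">';

for (const page of [SAMPLE_LINK, SAMPLE_OBJECT, SAMPLE_DOWNGRADE]) {
  console.log(discoverLogin(page, "https://rp.example/login"));
}
```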