relying on what?

Drummond Reed drummond.reed at cordance.net
Mon Nov 28 16:00:58 PST 2005


Joaquin,

 

>From the general use of "relying party" I have seen, the photo site
definitely qualifies. They are relying on the claims in the YADIS document
(the identity-based information) to provide a service to the end-user.

 

All websites that "consume" identity documents (YCD/XRD) or security tokens
(SAML, OpenID, LID) are relying parties.

 

In general, I'd suggest that YADIS consider standardizing on the lexicon
being developed at the IdentityGang site:

 

            http://www.identitygang.org/Lexicon

 

A whole bunch of work on refining these terms is going on there, and it
crosses all the major identity technology/standards initiatives that I know
of.

 

(Ironically "relying party" is not on the lexicon page yet, however it has
been proposed by Paul Trevithick, the main "gardener" of that wiki. I'm
cc'ing him to let him know the discussion is going on over here.)

 

=Drummond 

 

  _____  

From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com]
On Behalf Of Joaquin Miller
Sent: Monday, November 28, 2005 3:03 PM
To: YADDIS list
Subject: relying on what?

 

Would you say that in this case [below] the photo hosting site is a "relying
party"? 


I wanted to say: No.

And i fetched the definition we have posted to bolster my case:

Relying Party.
A server, website, other URL-located resource or application that uses a
YADIS URL (and the information accessible using a YADIS URL) provided by a
Citizen. The Relying Party discovers the capabilities of any provided YADIS
URL according to the YADIS Capability Discovery
<http://yadis.org/wiki/Capability_Discovery_Protocol>  Protocol, and
modifies its own behavior accordingly.   http://yadis.org/wiki/Terminology

Sadly, the answer appears to be: Yes.

I am reminded of back in the days when Man was known as Homo faber, the
toolmaker.  Jane Goodall sent her periodic report to Leaky, and this one
described the mother teaching her daughter to make a tool for catching
termites.  Leaky sent her a telegram: "Now we must redefine tool, redefine
man, or accept chimpanzees as humans." 

I suggest we redefine 'relying party,' to limit it to parties relying on
so-called "identity information."

Of course, if our expectations come to pass, YADIS, OpenID, LID and the like
will grow and the day will soon come when our narrow 'relying party'
definition is just definition 1 a. among 1 b., 1 c., and 2.  Then the answer
will again be: Yes.




Imagine that a website ... is using YADIS to declare the operations it
supports. In this case, it's the website that has the "identity", not a
person. Our photohosting site asks the user to enter a YADIS identity for
himself and the URL of the site to post to. The photohosting site then uses
YADIS capability discovery to find out what versions of the "post an entry
to a weblog" capability are supported.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20051128/82d94186/attachment.html


More information about the yadis mailing list