[OpenID] general Digest, Vol 32, Issue 23

Peter Williams pwilliams at rapattoni.com
Sat Apr 4 17:36:23 UTC 2009

AX was supposed to be a better sreg, with flexible attribute definition.

It wasn't supposed to be an infrastructure for the projection of privacy-controls and/or governance regimes.

Certain insiders may have better information on that "other"  intended scope. Perhaps AX was always about projection of attribute _controls_.

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of John Bradley
Sent: Friday, April 03, 2009 11:10 PM
To: general at openid.net
Subject: Re: [OpenID] general Digest, Vol 32, Issue 23

Yes the point being that while everyone had the same AX book they seem to be reading from different chapters.

In my OSIS testing I realized that AX is facing adoption resistance because of different high-level interpretations of how it aught to work.

The spec per se is fine,  we are missing the high level interop guidelines.

That is why when someone on the list pointed to google as an example of how to solve the verified email issue with AX,
I thought it was a good idea to consider how google is doing it .   They are interpreting things differently.

That may be the best solution but we should explore the consequences of going in that direction.

John Bradley

On 3-Apr-09, at 10:42 PM, general-request at openid.net<mailto:general-request at openid.net> wrote:

Date: Fri, 3 Apr 2009 22:41:34 -0700
From: SitG Admin <sysadmin at shadowsinthegarden.com<mailto:sysadmin at shadowsinthegarden.com>>
Subject: Re: [OpenID] About Facebook, MySpace and OpenID
To: Andrew Arnott <andrewarnott at gmail.com<mailto:andrewarnott at gmail.com>>
Cc: general at openid.net<mailto:general at openid.net>
Message-ID: <f06110401c5fca2916b1e@[]>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

'if_available' suggests if the OP happens to know it, then the RP
wants it.  This isn't a 'if_user_opts_in' parameter.  Which makes it
basically the same as 'required', except the OP can feel less badly
about not supplying it.

This may be an attempt at convenience for the user. When the RP
doesn't know how many of its "optional" fields a user may want to
fill out, it can't guess which ones to put as "required" so the OP
will respond - and the RP doesn't want to pose an inconvenience upon
the user to type in fields manually just because the user wasn't
asked for them originally.

That's how I thought AX *worked*, or was supposed to: the user could
click on "fill out this data automatically from my OP", and the RP
would send the user back to their OP just long enough to do so.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090404/42748511/attachment-0001.htm>

More information about the general mailing list