In retrospect, I guess an OpenID transaction using AX could be used for this, omitting the openid.identity and openid.claimed_id parameters to signify this isn't an authentication while still leveraging AX, could be used in this scenario with PayPal as well.<div>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Sun, Apr 26, 2009 at 7:10 AM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Remember (I say this to everyone on the list),<div><br></div><div>Just because PayPal would make an excellent source of this information, that doesn't mean that it should become an OP. In the interest of the SSO model, since we seem to have enough big OPs out there, why not have PayPal become an OAuth Service Provider. </div>
<div><br></div><div>Imagine... you're already logged into eBay using your preferred OP. You're now ready to purchase. Why make you log in again using PayPal? Instead, just click the Pay With PayPal button. You see PayPal pop up, asking you to verify the purchase/bid/whatever. You click Yes. You see eBay again, and it has received all the info it needs. If you weren't already signed into PayPal you may need to sign in there before clicking "Yes", but you're strictly logging into PayPal and not re-logging into eBay.</div>
<div><br></div><div>You don't need to be an OP to be able to provide this info. If authentication isn't strictly necessary, OAuth is usually the right choice.</div><div><br clear="all"><font color="#888888">--<br>
Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire</font><div><div></div><div class="h5"><br>
<br><br><div class="gmail_quote">On Sun, Apr 26, 2009 at 5:54 AM, Santosh Rajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I think Visa. Mastercard etc will get into the act!<div>Incidentally Paypal is an excellent position to be an OP for shopping sites, because not only can it provide a verified email address, it can also tell the RP if the user is a paypal verified user. ie. he has a verified credit card.(Of cource they will need to communicate this info somehow).<div>
<div></div><div><br>
<br><div class="gmail_quote">On Sun, Apr 26, 2009 at 5:28 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com" target="_blank">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
so where are poeple planning on storing (partial) credit card data -<br>
<br>
1. at the op (paypal OP model) attribute server<br>
2. in the release module of the OP, udner user control<br>
3. at the discovery agent (users XRDS, somehow protected)<br>
4. one of the RPs<br>
5. a super RP trusted by other RPs?<br>
<br>
<br>
its a good test of the UCI/openid model, as now we have a sensitive attribute to worry about. Noone can just wave their hands and say : openid is for things that dont matter much...<br>
________________________________________<br>
From: <a href="mailto:general-bounces@openid.net" target="_blank">general-bounces@openid.net</a> [<a href="mailto:general-bounces@openid.net" target="_blank">general-bounces@openid.net</a>] On Behalf Of Santosh Rajan [<a href="mailto:santrajan@gmail.com" target="_blank">santrajan@gmail.com</a>]<br>
Sent: Saturday, April 25, 2009 8:03 PM<br>
To: <a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
Subject: Re: [OpenID] Demo Travel/ retailshop<br>
<br>
I am willing to help.<br>
<br>
<br>
nieuwsgroep wrote:<br>
><br>
> I think Brain Kissel and the others of the retail advisory committee<br>
> (<a href="http://www.slideshare.net/bkkissel/openid-foundation-retail-advisory-commit" target="_blank">http://www.slideshare.net/bkkissel/openid-foundation-retail-advisory-commit</a><br>
> tee-webinar?type=powerpoint) did a great job summarizing the benefits of<br>
> OpenID for retailers. It really helps to discuss OpenID with some of the<br>
> relying party decision makers.<br>
><br>
><br>
><br>
> In addition to the presentation I think it would help a lot if these<br>
> benefits can be showed in an online demo. Convincing potential RP's to<br>
> start<br>
> a pilot project.<br>
><br>
><br>
><br>
> Anyone working on a retail demo that shows the benefits by the following<br>
> scenario:<br>
><br>
><br>
><br>
> 1. Register online on a demo travelshop with an openid collecting as<br>
> much as profile data to prefill the registration form.<br>
><br>
> 2. Return to the travelsite and easily login with an OpenID<br>
><br>
> 3. Book a demo holiday and post this back to my IDP/ Social profile<br>
> (Like facebook or myspace) telling my connections I planned a holiday with<br>
> DemoTravelshop.<br>
><br>
> 4. Additionally easily redirect (Federated login) to a demo<br>
> partnersite to rent a car.<br>
><br>
><br>
><br>
> A good demo like this would complement the story to potential RP's and<br>
> make<br>
> it more tangible.<br>
><br>
><br>
><br>
> Anyone working on such a demo, plans to, or willing to help on this?<br>
><br>
><br>
><br>
> Kick<br>
><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
><br>
<br>
<br>
-----<br>
<br>
Santosh Rajan<br>
<a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
<font color="#888888">--<br>
View this message in context: <a href="http://www.nabble.com/Demo-Travel--retailshop-tp23236118p23238762.html" target="_blank">http://www.nabble.com/Demo-Travel--retailshop-tp23236118p23238762.html</a><br>
Sent from the OpenID - General mailing list archive at Nabble.com.<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</font></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>