OpenID Exchange

Martin Atkins mart at degeneration.co.uk
Wed Dec 13 12:43:55 UTC 2006


I have made an early draft of a spec called OpenID Exchange on the wiki:
     <http://openid.net/wiki/index.php/OpenID_Exchange_1.0>

The goal of this protocol is to allow user-accompanied HTTP requests. 
"user-accompanied" means that a consumer makes a request to a service on 
behalf of a user and the user reviews and approves the request.

Example applications of this include:
  * Zooomr posting photos into your blog with your one-time approval, 
without disclosing your login credentials. [1]
  * Fetching of user profile information.
  * Social networking friendship handshakes. [2]

The protocol should, in theory, be able to act as a transport for any 
HTTP-based protocol such as SOAP and AtomAPI, as well as for simple GET 
requests. The protocol for "post in my blog" could, for example, just be 
an AtomAPI POST request made over OpenID Exchange.

This is still work-in-progress. The spec needs lots of refinement and at 
some point I'll have to make a demo or two.

[1] You can still see the results of the demo of my earlier version
    of this on LiveJournal, albeit without the pictures:
     <http://openrpcdemo.livejournal.com/>

[2] Discussed further in my blog entry on social networking:
     <http://www.apparently.me.uk/623.html>





More information about the specs mailing list