Thoughts on the Attribute Exchange proposal.

Johnny Bufu johnny at sxip.com
Fri Mar 9 19:59:58 UTC 2007 

Hi Wayne!

It's good to see someone interested in attribute exchange!

On 9-Mar-07, at 11:25 AM, Wayne Pierce wrote:
>   1. Updating information.  When I update an attribute is there any
> proposed way to notify subscribers without the subscribers having to
> poll my URI?

This is actually addressed in Atribute Exchange, see the update_url  
field in the fetch request messages.

>   2. Is there any way for an entity to create a collection of
> attributes for individuals to associate values with?  I saw a
> reference to "Personas" in one of the documents but these seemed to be
> user-derived.

I'm not sure I understand fully what your interest is with this use- 
case.

In AX, each attribute is identified by a URI, and anyone can come  
up / invent custom attributes like this. [1]

The next step is dereferencing that URI (if it is an URL) and obtain  
'metadata' [2] about the attribute, which would then help do other  
useful things with the attribute. The metadata would describe the  
data format of the attribute, acquisition methods etc.

Using these two mechanisms, it would be easy for someone to define a  
new (profile) attribute like the one you describe below, and define  
it's semantic to be a collection of some other attributes. How does  
this approach look to you? Does it address your problem, or did you  
have a different approach in mind?


While there is some consensus around Attribute Exchange, with its use  
of URI attribute identifiers (and it is slowly heading to a  
finalized / useable form), the other two pieces (types [1] and  
metadata [2]) are not as close to being  finalized, and we'd more  
than welcome your help here!

The talks about the identity schema are focused at http:// 
idschemas.idcommons.net/ which may also be of interest to you.


Thanks,
Johnny

[1] http://openid.net/specs/openid-attribute-types-1_0-02.html
[2] http://openid.net/specs/identity-attribute-metadata-1_0-01.html

> The system I have been looking at is very similar, but seems to start
> from a different perspective.  My starting point was about making an
> organization more efficient and easing the burden of updating my
> information with multiple organizations at once.
>
> To accomplish this I was looking at ways to allow an organization to
> create "Profiles" of Attributes.  In the talks I have had with people
> they seemed to want profiles that match their existing HR documents or
> data they would like to collect but have no documents or processes
> for.
>
> Individuals would then associate Attributes with the fields for a
> Profile, when the local Attribute was updated any Profile containing
> that Attribute would be updated.  This would trigger an update to the
> authorized organizations.
>
> Other things I have looked at are ways to secure the data, potentially
> using GnuPG and building a client application for managing the
> Attributes and Profiles.
>
> I am still reading some of the specs and mailing list archive, but I
> will help out where I can.

More information about the specs mailing list