So, what is an OpenID Extension?
Dick Hardt
Dick.Hardt at microsoft.com
Thu Aug 13 14:43:35 UTC 2009
Yes, in OpenID 2.0 the identifiers are optional so an extension could
provide all the functionality. Eg . Attribute Exchange could be used
to move attributes without authenticating.
-- Dick
On 2009-08-13, at 7:34 AM, "James Henstridge" <james at jamesh.id.au>
wrote:
> On Thu, Aug 13, 2009 at 8:05 AM, Nat Sakimura<sakimura at gmail.com>
> wrote:
>> I blogged bout the subject here:
>> http://www.sakimura.org/en/modules/wordpress/index.php?p=91
>>
>> What would be the consensus here?
>
> My reading of the spec (and what I believe is the author's intent) is
> that OpenID extensions do indeed piggyback on an authentication
> request. The note about including the extension's type URI in XRDS is
> a way that an OpenID provider can advertise support for the extension.
>
> Note that in OpenID 2.0, sending openid.identifier in an
> authentication request is optional. So you could potentially use an
> extension without actually authenticating as a particular user. From
> section 9.1:
>
> """
> "openid.claimed_id" and "openid.identity" SHALL be either both present
> or both absent. If neither value is present, the assertion is not
> about an identifier, and will contain other information in its
> payload, using extensions (Extensions).
> """
>
> James.
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
More information about the specs
mailing list