Yahoo available AX attrs

Tue Dec 8 18:32:12 UTC 2009

I can't provide a totally worked out example.  But there are a lot of
attributes floating around -- including attributes on attributes, now -- and
it seems like it would be useful and valuable to be able to package them up
into semantically meaningful 'profiles' -- public contact information,
private contact information, full read-only profile -- which you could
provide to RPs.  If you send an endpoint URL to the RP instead of the
information itself, the RP can then retrieve it via a backchannel (and cache
it).  If you have private data, use a capability URL with a token that
allows read-only access.

Then you have much more freedom in how to represent the data on the other
end -- you can use PoCo or AX name/value pairs -- and you're not limited to
2K or a bad user experience.  Plus, you can access the same information the
same way even if not using an OpenID session to kick off the attribute
exchange.

--
John Panzer / Google
jpanzer at google.com / abstractioneer.org / @jpanzer

On Mon, Dec 7, 2009 at 8:43 PM, Chris Messina <chris.messina at gmail.com>wrote:

> Can you provide an example?
>
>
> On Mon, Dec 7, 2009 at 8:42 PM, John Panzer <jpanzer at google.com> wrote:
>
>> Would a single capability URL to a PoCo endpoint for the user - a
>> single attribute - be a reasonable idea?
>>
>> On Monday, December 7, 2009, Chris Messina <chris.messina at gmail.com>
>> wrote:
>> > Sounds like something to add to PoCo... perhaps something as simple as a
>> "verified" boolean added to email addresses?
>> > http://portablecontacts.net/draft-schema.html#anchor4
>> >
>> > Chris
>> >
>> > On Mon, Dec 7, 2009 at 8:25 PM, Brian Kissel <bkissel at janrain.com>
>> wrote:
>> >
>> > +1 on email address metadata, many RPs definitely want this.
>> >
>> > Cheers,
>> >
>> > Brian
>> > ___________
>> >
>> > Brian Kissel
>> > CEO, JanRain - WebID and Social Publishing for User Engagement
>> > Email: bkissel at janrain.com     Cell: 503.866.4424     Fax: 503.296.5502
>> >
>> >
>> > -----Original Message-----
>> > From: openid-specs-bounces at lists.openid.net [mailto:
>> openid-specs-bounces at lists.openid.net] On Behalf Of Allen Tom
>> > Sent: Monday, December 07, 2009 7:46 PM
>> > To: Peter Watkins; Chris Obdam; openid-specs at lists.openid.net
>> > Subject: Re: Yahoo available AX attrs
>> >
>> > Oops - I clicked send too early.
>> >
>> > The bad UX with AX is the security warning that most browsers display
>> when
>> > POSTing a form from HTTPS to HTTP, which is the case when the Yahoo OP
>> > returns a lot of attributes. AX attribute names are excessively long, so
>> > it's very likely that using different attribute names for
>> first/last/middle
>> > name will cause the response to be returned via POST. (2KB is the cutoff
>> > point)
>> >
>> > With regards to email address - unless we're 100% sure about the email
>> > address, we'd like to return metadata about the email address.
>> Specifically,
>> > we'd like to indicate whether or not the email address was verified, and
>> if
>> > so, when it was verified. This is definitely something that we'd like to
>> get
>> > in to AX 2.0.
>> >
>> > Allen
>> >
>> >
>> >
>> > On 12/7/09 7:39 PM, "Allen Tom" <atom at yahoo-inc.com> wrote:
>> >
>> >> It definitely makes sense to use different attributes for
>> givennanme/surname
>> >> so that RPs don't have to parse the string, and a few other RPs have
>> also
>> >> asked for it.  Our initial goal for our AX implementation was just to
>> match
>> >> SREG, and SREG only has a single openid.sreg.fullname attribute.
>> >>
>> >> We'll add support for separate first/last/middle/suffix attributes in a
>> >> followup release - probably early next year. I do hope that we're able
>> to
>> >> standardize the attribute names, and also keep them short and compact.
>> If you
>> >> ask for all our supported attributes, the response will exceed 2KB,
>> which
>> >> requires that the response is returned via POST, causing a really bad
>> UX.
>> >>
>> >> With regards to email address - we'd like to be able to return metadata
>> about
>> >> the email address w
>> >>
>> >>
>> >>
>> >> On 12/7/09 7:25 AM, "Peter Watkins" <peterw at tux.org> wrote:
>> >>
>> >>> On Mon, Dec 07, 2009 at 09:16:46AM +0100, Chris Obdam wrote:
>> >>>>> Chris (Obdam)  - which additional attributes would you like to see
>> >>>>> available? The attributes that we¹ll be adding early next year will
>> include
>> >>>>> Yahoo Profile URL and account creation date. A bunch of people have
>> asked
>> >>>>> for Flickr Photos URL and Upcoming Profile URL, so we¹ll probably
>> get
>> >>>>> around
>> >>>>> to adding those too.
>> >>>> I would like to access every attr specified in de AXschema? :-)
>> >>>>
>> >>>> In my Yahoo profile i have provided my address (home and work). I
>> would like
>> >>>> to use those in a sign form somewhere else.
>> >>>> Same goes for my phone numbers.
>> >>>
>> >>> So would I. One of the simpler goals of our Single Sign On is
>> prepopulating
>> >>> form fields; having postal address and phone number would be a help.
>> >>>
>> >>> I'd also like to see First and Last names available as separate
>> attributes,
>> >>> otherwise we're trying to intelligently split both "Mary Jane Parker"
>> and
>> >>> "Malcom Mac Murray".
>> >>>
>> >>> Also I would prefer that you give us the user's *primary* email
>> address. In
>> >>> my Yahoo profile, my Yahoo email address is flagged as "Share with no
>> one"
>> >>> and I have a different email address flagged as primary, but your AX
>> sends
>> >>> my yahoo email address. Th--
>> > Chris Messina
>> > Open Web Advocate
>> >
>> > Personal: http://factoryjoe.com
>> > Follow me on Twitter: http://twitter.com/chrismessina
>> >
>> > Citizen Agency: http://citizenagency.com
>> > Diso Project: http://diso-project.org
>> > OpenID Foundation: http://openid.net
>> >
>> > This email is:   [ ] shareable    [X] ask first   [ ] private
>> >
>> >
>>
>> --
>> --
>> John Panzer / Google
>> jpanzer at google.com / abstractioneer.org / @jpanzer
>>
>
>
>
> --
> Chris Messina
> Open Web Advocate
>
> Personal: http://factoryjoe.com
> Follow me on Twitter: http://twitter.com/chrismessina
>
> Citizen Agency: http://citizenagency.com
> Diso Project: http://diso-project.org
> OpenID Foundation: http://openid.net
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20091208/055095b8/attachment-0001.htm>