CX proposal update

Allen Tom atom at yahoo-inc.com
Thu Jan 22 20:43:14 UTC 2009


Hi Nat,

Can you define the term "contract"? Is it legally binding? It is just a 
signed set of attributes? Who are the parties involved with signing the 
contract? The RP, OP, and user? Instead of defining a new CX extension, 
would it just be sufficient to define new attributes using AX?

Would it make more sense to use OAuth instead of defining a new OpenID 
extension? OAuth is designed to allow a user to authorize an RP (aka 
Consumer) to access protected resources hosted by the user's OP (aka 
Service Provider). It might make more sense to use the OpenID+OAuth 
hybrid protocol along with an OAuth protected web service to exchange 
contract information.

Thanks
Allen




Nat Sakimura wrote:
> I have edited the Contract Exchange Proposal on the wiki.
>
> http://wiki.openid.net/Working_Groups%3AContract_Exchange_1
>
> It is substantially shorter and easier to parse, hopefully.
>
> Please discuss.
>
> -- 
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090122/87db6d91/attachment-0002.htm>


More information about the specs mailing list