[OpenID] Attribute Exchange

Peter Williams pwilliams at rapattoni.com
Mon Aug 6 15:19:51 UTC 2007


As your Ruby consumer for OpenID 2.0 (draft11) will presumably already be handling the XML stream obtained using the YADIS Protocol (an HTTP header, plus some profile rules on following signals), how hard would it be for the Rails engine to have a support class parse a fragment of Henry's FOAF file (in its XML serialization form), if we assume it's present in the AX response rather than today's set of AX attributes?
 
I.e., rather than invent a type system for AX attributes, we just borrow, as Mark Wahl was suggesting earlier. Anything is better than just treating everything as an opaque string, dumping the typing problem on the backend website.
 
I'm going to try this today, with an existing open-source SAML2-enabled HTTP proxy implemented using Ruby on Rails. I can simply define a complex SAML attribute, and have my SAML.create engine associated with the HTTP client first pull the XML-serialized form of the FOAF file. If I use the artifact-binding of SAML, https will "sign" the SAML blob, emulating how an OpenID-association uses bearer-security to "sign" an AX response.
 
So, that begs the next question: just as many relational database managers used in the Rails world can now have a SQL query natively serialize their tables as XML, is there one that can render its tables in RDF/XML, instead?

 
________________________________

From: general-bounces at openid.net on behalf of Armand du Plessis
Sent: Sun 8/5/2007 11:28 PM
To: general at openid.net
Subject: [OpenID] Attribute Exchange



Hi,

I'm busy extending the ruby-openid library to support the Attribute
Exchange draft for use in one of our sites but have a couple of
questions around it I'm hoping you guys can clarify:

1) Am I correct in saying that the ax, fetch_request and
fetch_response, messages should piggy-back on the OpenID
authentication, checkid_setup, checkid_immediate and id_res, messages?
At first I thought it would be separate messages but reading the
section on OpenID extensions it seems it needs to be included in the
same request-response.
2) Some of my attribute exchange responses include quite a lot of
data. If the RP initiated the exchange and included a fetch_request
attribute is it OK for the server to respond with a POST back when the
initial request was a GET?

In the OpenID library I see that if the message was one of the
checkid* it will respond with a http redirect with all the values sent
back in the querystring which in my case would sometimes exceed the
max querystring length. Will a consumer understand the response if
it's sent back as a key/value form? Or what is the preferred mechanism
for doing that? Should I rather include the values in a post back
without bothering the k/v form? The spec is not too clear on this or
it's too early in the morning for me to understand it :)

Any guidance or pointers to samples for implementing the AX extensions
would be really welcome.

Kind regards,

Armand
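
The choice raised in question 2, sketched as an added example (not code from the thread or from ruby-openid): the AX fields ride on the `id_res` response, which goes back as a redirect when the URL is short enough and as an auto-submitting HTML form POST otherwise, with every value HTML-escaped. The helper names, the 2048-character limit, the AX 1.0 namespace URI (rather than the draft's) and the sample data are assumptions; association and signature fields are omitted.

```ruby
require 'uri'
require 'erb'

# Assumed limit; not taken from the thread or from ruby-openid.
MAX_REDIRECT_URL_LENGTH = 2048

# Build openid.* fields for an id_res response carrying an AX fetch_response.
# attributes: { alias => [type_uri, value] }. Signature fields are omitted.
def ax_response_fields(claimed_id, return_to, attributes)
  fields = {
    'openid.ns'         => 'http://specs.openid.net/auth/2.0',
    'openid.mode'       => 'id_res',
    'openid.claimed_id' => claimed_id,
    'openid.return_to'  => return_to,
    'openid.ns.ax'      => 'http://openid.net/srv/ax/1.0',
    'openid.ax.mode'    => 'fetch_response'
  }
  attributes.each do |name, (type_uri, value)|
    fields["openid.ax.type.#{name}"]  = type_uri
    fields["openid.ax.value.#{name}"] = value
  end
  fields
end

# Returns [:redirect, url] when the URL fits, otherwise [:form_post, html].
def encode_indirect_response(return_to, fields)
  sep = return_to.include?('?') ? '&' : '?'
  url = return_to + sep + URI.encode_www_form(fields)
  return [:redirect, url] if url.length <= MAX_REDIRECT_URL_LENGTH

  esc = ->(s) { ERB::Util.html_escape(s) }
  # Escape names and values so attribute data cannot break out of the markup.
  inputs = fields.map do |k, v|
    %(<input type="hidden" name="#{esc.(k)}" value="#{esc.(v)}">)
  end
  html = %(<html><body onload="document.forms[0].submit()">) +
         %(<form method="post" accept-charset="UTF-8" action="#{esc.(return_to)}">) +
         inputs.join + %(<input type="submit" value="Continue"></form></body></html>)
  [:form_post, html]
end

# Constructed sample data.
RETURN_TO = 'https://rp.example/openid/complete'
SHORT = ax_response_fields('https://alice.example/', RETURN_TO,
  'email' => ['http://axschema.org/contact/email', 'alice@example.org'])
LONG = ax_response_fields('https://alice.example/', RETURN_TO,
  'bio' => ['http://example.org/schema/bio', 'Tom & "Jerry" <ops> ' + 'lorem ' * 500])
```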