[OpenID] openid, foaf and attribute exchange

Story Henry henry.story at bblfish.net
Wed Jul 25 10:05:32 UTC 2007 

In my post "foaf and openid" [1] Mathew asked:

"Is there a way to get this information just in the normal course of  
things through Attributes in the OpenID spec?"

I read up about attribute exchange and responded this:

I searched the openid site and found the Openid attribute exchange  
draft, which describes a proposed way to do this by querying the  
Identity Provider (https://openid.sun.com/openid/service in my  
example) for attributes. It also defines a method for storing  
attributes there.
I see three problems with this:

   - It ties the identity provider to the identity. The nice thing  
about OpenId, is that it separates the role of the identity provider  
and the identity. This allows one to have an id (I could use http:// 
bblfish.net/) and change identity provider over time, as I change job  
for example, or even have a number of different ones at the same  
time. The OpenId attribute exchange is overloading the identity  
provider (which is really an identity verifier) functionality  
relating to identity description.
   - It does not feel RESTful. If something is to return information  
it should have a URL. Here there is very clearly overlapping of  
concerns as explained above. What is the url for information for one  
identity here? I have a large alarm bell ringing when I read sections  
such as: "Fetch message" and "store message". Is that not the  
equivalent of HTTP GET and PUT?
   - duplicating effort. This spec is inventing a metadata format, a  
query language and storage API, which is a lot of work. These things  
have been done before:
      + metadata framework: as shown above RDF does this very well  
already. It has a very powerful semantics, has gone through years of  
review by some of the best thinkers in the world, is extensible, self  
describing, etc, etc... having to learn another special convention as  
proposed here, is one more unnecessary piece of work.
      + query language: SPARQL though not yet finished does  
everything that is needed here as shown in the example above
      + storage: this could be done using a number of well known  
technologies, such as ftp, scp, Atom Protocol, or even WebDav. AtomP  
and WebDav are even nicely RESTful.

A simple link to a foaf file as described in this article covers most  
uses cases, and is incredibly flexible. If one wants to have  
different personas, one should probably use different openids anyway,  
since as the foaf people have correctly defined it foaf:openid is an  
inverse functional property. So if someone knows that

_:niceJoe a foaf:Person;
          foaf:openid <http://joe.openid.eg/>;
          foaf:nick "joey";
          foaf:email <mailto:nicejoe at love.eg> .

and also knows that

_:badJoe a foaf:Person;
          foaf:openid <http://joe.openid.eg/>;
          foaf:nick "bj";
          foaf:email <mailto:badjoe at bondage.eg> .

Then they know that

[] a foaf:Person;
          foaf:openid <http://joe.openid.eg/>;
          foaf:nick "joey";
          foaf:nick "bj";
          foaf:email <mailto:nicejoe at love.eg> ;
          foaf:email <mailto:badjoe at bondage.eg> .

An open id identifier is an identifier. You should really not be  
using the same identifier if you want to have different independent  
personas.

Henry

[1] http://blogs.sun.com/bblfish/entry/foaf_openid

More information about the general mailing list