[OpenID] Secure attribute transmission
Easysurfer at gmx.de
Easysurfer at gmx.de
Sun Aug 3 18:27:12 UTC 2008
I'd like to transmit sensitive data over the Attribute Exchange Extension and was wondering about the best way for encryption.
I was thinking I could do the login w/out attribute exchange, and then
use a direct connection from the RP to OP over https to retrieve the
attributes. However, it looks like direct connections are supposed to
be used only for associate and check_authentication: "It is used for
establishing associations (Establishing Associations) and verifying
authentication assertions (Verifying Directly with the OpenID
Provider)." (http://openid.net/specs/openid-authentication-2_0.html#direct_comm).
Any ideas? I'd like to pass the info over using only the OpenID
protocol, not invent another protocol for my own use.
Regards,
Sarah Becker
--
Psssst! Schon das coole Video vom GMX MultiMessenger gesehen?
Der Eine für Alle: http://www.gmx.net/de/go/messenger03
More information about the general
mailing list