[OpenID] Secure attribute transmission
Allen Tom
atom at yahoo-inc.com
Mon Aug 4 16:55:42 UTC 2008
Easysurfer at gmx.de wrote:
> I'd like to transmit sensitive data over the Attribute Exchange Extension and was wondering about the best way for encryption.
>
> I was thinking I could do the login w/out attribute exchange, and then
> use a direct connection from the RP to OP over https to retrieve the
> attributes.
Sounds like you should use OAuth to pass an Access Token to the RP, and
then have the RP make a web service request back to the OP to retrieve
the user attributes over HTTPS.
Allen
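
The flow suggested in the reply above, sketched as an added example that is not part of the original thread: only an opaque token crosses the browser, and the OP releases attributes on a back-channel request after checking the RP, the token's expiry and its scope. The token store, the names (`OP`, `rp_fetch`, `rp.example`) and the HMAC request MAC are assumptions; the MAC is a simplified stand-in for OAuth request signing, and the in-process call stands in for the HTTPS request.

```python
import hashlib, hmac, secrets

# Constructed sample data: attributes the OP holds for one user.
ATTRS = {"alice": {"email": "alice@example.org", "birthdate": "1980-01-01"}}
RP_SECRETS = {"rp.example": b"constructed-shared-secret"}  # hypothetical RP registration


def sign(secret, rp_id, token, nonce):
    """RP request MAC (assumption: simplified stand-in for OAuth request signing)."""
    msg = "\n".join((rp_id, token, nonce)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class OP:
    """OP side: issues opaque tokens and releases attributes over the back channel."""

    def __init__(self, ttl=300):
        self.ttl, self.grants, self.seen_nonces = ttl, {}, set()

    def issue_token(self, user, rp_id, scope, now):
        # Only this opaque value travels through the browser, never the attributes.
        token = secrets.token_urlsafe(32)
        self.grants[token] = (user, rp_id, frozenset(scope), now + self.ttl)
        return token

    def get_attributes(self, rp_id, token, nonce, sig, now):
        secret = RP_SECRETS.get(rp_id)
        if secret is None or not hmac.compare_digest(sig, sign(secret, rp_id, token, nonce)):
            raise PermissionError("bad RP signature")
        if (rp_id, nonce) in self.seen_nonces:
            raise PermissionError("replayed request")
        self.seen_nonces.add((rp_id, nonce))
        grant = self.grants.get(token)
        if grant is None or grant[1] != rp_id or now >= grant[3]:
            raise PermissionError("token invalid, expired, or issued to another RP")
        user, _, scope, _ = grant
        # Release only the attributes the token was scoped to.
        return {k: v for k, v in ATTRS[user].items() if k in scope}


def rp_fetch(op, rp_id, secret, token, now):
    """RP side: the call that would be an HTTPS request to the OP."""
    nonce = secrets.token_hex(8)
    return op.get_attributes(rp_id, token, nonce, sign(secret, rp_id, token, nonce), now)
```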