[OpenID] My answers to the nominee questions

Peter Williams pwilliams at rapattoni.com
Sat Dec 13 13:33:57 UTC 2008 

Say more!  given the OP is the deliverer of "the data".

Why not use the AX extension for these querying functions, given the openid association (over which an OP knows it itself has recently sent an assertion) is essentially a persistent authorization ticket?

Do we need to reopen the backchannel flow of openid messaging to deliver AX (and the other openid extensions being normalized)?

Was the openid2 backchannel flow closed, to facilitate OAUTH getting its spot in the stack (under some Identerati deal)? Should we reopen it?

Architecturally, it seems silly to do adopt OAUTH, if openid would do the same job using a mere extension.

(Im pretty ignorant on the topic of OAUTH, but open minded.)

I keep waiting for the RDF crowd to define an openid extension that is a(nother) binding for SPARQL queries, leveraging the authorization functions of the openid association keys and assoc-identifiers to do I&A and machine authz - much as folks use SSL session-keys and session-identifiers.

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Allen Tom
Sent: Friday, December 12, 2008 6:48 PM
To: SitG Admin; general at openid.net
Subject: Re: [OpenID] My answers to the nominee questions

SitG Admin wrote:

It would be nice if RP's had a "I'll scratch your back if you'll scratch mine." system by which they could send short messages to one another's networks - for instance, Monster.com would say "Hey Yahoo, please notify all the Friends of this user on your network, blah blah blah." and Yahoo could do so.

Yahoo has an OAuth protected API that allows a Yahoo user to authorize an RP to write to the user's Activity Stream using the Yahoo! Updates API. The user's connections would be able to see the message in their Updates feed. This is very similar in concept to the News Feed on other sites.

It would be really nice if a user could sign into an RP using OpenID, and simultaneously authorize that site to access their data on Yahoo using OAuth. Expect to hear more about this soon.

More info about the Yahoo! Updates API is here:
http://developer.yahoo.com/social/updates/

Allen



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081213/32a0439c/attachment-0002.htm>

More information about the general mailing list