[OpenID] Authentication and AX questions
Steven Livingstone-Perez
weblivz at hotmail.com
Tue Jun 3 22:03:37 UTC 2008
>From what I have seen the OpenID authentication and attribute exchange have
been quite closely intertwined - even since version 1.0 with basic
attributes.
Please educate me if otherwise, but .
Is it just common practice that they exist in this way? Most OP's I go to
ask you to log in and then ask what information you wish to share. I don't
find this a particularly good way of doing things as it unites the
authentication and profile characteristics quite tightly. Is one alternative
that you authenticate against and OP, but get the actual attributes against
another provider (which may not directly support OpenID
registration/authentication etc but is quite happy to exchange attributes
associated with a pre-authenticated OpenID using OpenID AX).
So in other words, Site A asks me for some data. I provide a URL to site B
which contains my data . however, site B authenticates the user against site
C (asking for nothing other than authentication) and, given this
authenticated user, Site B then is happy to use AX to send back the data it
contains.
I suspect this has been discussed and perhaps OAuth already discusses this
(please let me know if this is so).
Thanks,
steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080603/f1397649/attachment.htm>
More information about the general
mailing list