[OpenID] Consumers storing data againat an OpenID

Steven Livingstone-Perez weblivz at hotmail.com
Thu May 22 10:14:36 UTC 2008 

Thanks Jorn - yes you are right about protecting "local" attributes so that
it isn't shared amongst bodies (that is a whole new discussion).

I will need to look more into the attribute exchange today/tomorrow.

The reason it is useful at the IP is simply for convenience for RP's who
want to store attribute information against the ID's but don't want to
modify their local schema. An IP durable bucket would be very useful.

Regards,
Steven
http://weblivz.openid.org

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Jørn Wildt
Sent: 22 May 2008 09:55
To: 'OpenID List'
Subject: Re: [OpenID] Consumers storing data againat an OpenID

> this has already being
> considered under OpenID Attribute Exchange 

But does Attribute Exchange take the origin into account? It's much like
cookies - if site A stores attribute X at the IP, will site B then get the
attribute? 

Should it? In this example it is some local school information. But what if
I used the same OpenID at both CIA and Al-Quaeda? Then I probably wouldn't
want my CIA spyname sent to Al-Quaeda just because CIA found it convenient
to store it at the IP.

It seems to me that local data should be stored at the RP only - it has
nothing to do at the IP.

Or have I missed something?

/Jørn

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Prabath Siriwardena
Sent: 22. maj 2008 10:47
To: Steven Livingstone-Perez
Cc: general at openid.net
Subject: Re: [OpenID] Consumers storing data againat an OpenID

If I correctly understood your question - Yes - this has already being
considered under OpenID Attribute Exchange [1].

Thanks & regards.
- Prabath

[1]: http://openid.net/specs/openid-attribute-exchange-1_0.html#store

On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez
<weblivz at hotmail.com> wrote:
> Has it ever been considered that a consumer of an OpenID may wish to store
> some attributes data against that user?
>
>
>
> In other words rather than storing it locally (and doing the work required
> to achieve this) a trusted consumer may have "write" abilities which would
> allow them to store some information important only to them against the
> OpenID?
>
>
>
> For example you may log in and be directed to a site who may wish to store
> the local username they use for you with the OpenID so they can get it as
> one of the attributes next time – or (as someone recently asked me) store
> the local school they are to be associated with under their domain.
>
>
>
> Regards,
>
> Steven
>
> http://weblivz.openid.org
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list