[OpenID] Consumers storing data against an OpenID
Peter Williams
pwilliams at rapattoni.com
Thu May 22 17:20:01 UTC 2008
Do it.
Essentially, let the delivering RP sign the attribute, where both attributes and signatures are stored, where the OpenID Association is the signing mechanism.
Academically, we are saying that the OpenID Association that "signs" the attribute delivered by RP#1 to the AX resolver can be "referred to" when the OP/AX then makes statements about attributes to RP#2, over another OpenID Association.
So, don't tag the attribute with its "source", merely: tag it with the value(s) of the OpenID Association that delivered it to the Attribute store. Let a requesting RP#2 now ask for meta-attributes about the attribute if it wishes - all the parameters of the delivering OpenID Association.
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> On Behalf Of Dick Hardt
> Sent: Thursday, May 22, 2008 9:06 AM
> To: Steven Livingstone-Perez
> Cc: 'OpenID List'
> Subject: Re: [OpenID] Consumers storing data against an OpenID
>
> Attribute Exchange was intended for an RP to store data that would
> be useful to other RPs.
>
> If there is sufficient interest in the use case that Steven has
> brought up, AX could be extended so that data stored is tagged with
> its origin and then provided back to the RP when the user logs in
> again in the future. For small sites, this has the advantage of being
> able to outsource local attributes.
>
> -- Dick
>
> On 22-May-08, at 3:14 AM, Steven Livingstone-Perez wrote:
>
> > Thanks Jorn - yes you are right about protecting "local" attributes so that
> > it isn't shared amongst bodies (that is a whole new discussion).
> >
> > I will need to look more into the attribute exchange today/tomorrow.
> >
> > The reason it is useful at the IP is simply for convenience for RPs who
> > want to store attribute information against the IDs but don't want to
> > modify their local schema. An IP durable bucket would be very useful.
> >
> > Regards,
> > Steven
> > http://weblivz.openid.org
> >
> > -----Original Message-----
> > From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> > On Behalf Of Jørn Wildt
> > Sent: 22 May 2008 09:55
> > To: 'OpenID List'
> > Subject: Re: [OpenID] Consumers storing data against an OpenID
> >
> >> this has already been
> >> considered under OpenID Attribute Exchange
> >
> > But does Attribute Exchange take the origin into account? It's much like
> > cookies - if site A stores attribute X at the IP, will site B then get the
> > attribute?
> >
> > Should it? In this example it is some local school information. But what if
> > I used the same OpenID at both CIA and Al-Qaeda? Then I probably wouldn't
> > want my CIA spyname sent to Al-Qaeda just because CIA found it convenient
> > to store it at the IP.
> >
> > It seems to me that local data should be stored at the RP only - it has
> > nothing to do at the IP.
> >
> > Or have I missed something?
> >
> > /Jørn
> >
> > -----Original Message-----
> > From: general-bounces at openid.net [mailto:general-bounces at openid.net]
> > On Behalf Of Prabath Siriwardena
> > Sent: 22. maj 2008 10:47
> > To: Steven Livingstone-Perez
> > Cc: general at openid.net
> > Subject: Re: [OpenID] Consumers storing data against an OpenID
> >
> > If I correctly understood your question - Yes - this has already been
> > considered under OpenID Attribute Exchange [1].
> >
> > Thanks & regards.
> > - Prabath
> >
> > [1]: http://openid.net/specs/openid-attribute-exchange-1_0.html#store
> >
> > On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez
> > <weblivz at hotmail.com> wrote:
> >> Has it ever been considered that a consumer of an OpenID may wish to store
> >> some attribute data against that user?
> >>
> >> In other words rather than storing it locally (and doing the work required
> >> to achieve this) a trusted consumer may have "write" abilities which would
> >> allow them to store some information important only to them against the
> >> OpenID?
> >>
> >> For example you may log in and be directed to a site that may wish to store
> >> the local username they use for you with the OpenID so they can get it as
> >> one of the attributes next time - or (as someone recently asked me) store
> >> the local school they are to be associated with under their domain.
> >>
> >> Regards,
> >> Steven
> >> http://weblivz.openid.org
> >>
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
> >>
> >>
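
As an added illustration of the proposal at the top of this thread (not code from any poster or from the OpenID specifications): a hypothetical OP-side attribute store that verifies a store request with the delivering association's MAC key, records that association's parameters as meta-attributes, and can withhold values marked local-only from other RPs, which is the origin concern raised further down. The record layout, the `rp` field, the `local_only` flag and all sample values are assumptions.

```python
import hashlib
import hmac

ASSOCS = {}  # assoc_handle -> {"rp", "assoc_type", "mac_key"} (assumed layout)
STORE = {}   # (claimed_id, type_uri) -> stored record


def sign(mac_key, claimed_id, type_uri, value):
    """HMAC-SHA256 over the attribute, keyed with the association MAC key."""
    msg = f"claimed_id:{claimed_id}\ntype:{type_uri}\nvalue:{value}\n".encode()
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()


def store(assoc_handle, claimed_id, type_uri, value, sig, local_only=False):
    """Accept an attribute only if the delivering association's key verifies it."""
    assoc = ASSOCS.get(assoc_handle)
    if assoc is None:
        return False
    expected = sign(assoc["mac_key"], claimed_id, type_uri, value)
    if not hmac.compare_digest(expected, sig):
        return False
    STORE[(claimed_id, type_uri)] = {
        "value": value, "sig": sig, "local_only": local_only,
        # Provenance: parameters of the delivering association, never its key.
        "meta": {"assoc_handle": assoc_handle,
                 "assoc_type": assoc["assoc_type"], "rp": assoc["rp"]},
    }
    return True


def fetch(requesting_rp, claimed_id, type_uri, want_meta=False):
    """Release a value to an RP, withholding local-only values from other RPs."""
    rec = STORE.get((claimed_id, type_uri))
    if rec is None:
        return None
    if rec["local_only"] and rec["meta"]["rp"] != requesting_rp:
        return None
    out = {"value": rec["value"]}
    if want_meta:
        out["meta"] = dict(rec["meta"])
    return out


# Constructed sample data: one association held by the delivering RP.
ASSOCS["h1"] = {"rp": "https://rp1.example/", "assoc_type": "HMAC-SHA256",
                "mac_key": b"constructed-key-1"}
```
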