[OpenID] Consumers storing data against an OpenID
Dick Hardt
dick at sxip.com
Thu May 22 17:56:13 UTC 2008

Overloading the association is a bad idea IMHO

On 22-May-08, at 10:20 AM, Peter Williams wrote:
> Do it.
>
> Essentially, let the delivering RP sign the attribute, where both
> attributes and signatures are stored, where the OpenID Association
> is the signing mechanism.
>
> Academically, we are saying that the OpenID Association that "signs"
> the attribute delivered by RP#1 to the AX resolver can be "referred
> to" when the OP/AX then makes statements about attributes to RP#2,
> over another OpenID Association.
>
> So, don't tag the attribute with its "source", merely: tag it with
> the value(s) of the OpenID Association that delivered it to the
> Attribute store. Let a requesting RP#2 now ask for meta-attributes
> about the attribute if it wishes - all the parameters of the
> delivering OpenID Association.
>
>> -----Original Message-----
>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Dick Hardt
>> Sent: Thursday, May 22, 2008 9:06 AM
>> To: Steven Livingstone-Perez
>> Cc: 'OpenID List'
>> Subject: Re: [OpenID] Consumers storing data against an OpenID
>>
>> Attribute Exchange was intended for an RP to store data that would be
>> useful to other RPs.
>>
>> If there is sufficient interest in the use case that Steven has
>> brought up, AX could be extended so that data stored is tagged with
>> its origin and then provided back to the RP when the user logs in
>> again in the future. For small sites, this has the advantage of being
>> able to outsource local attributes.
>>
>> -- Dick
>>
>> On 22-May-08, at 3:14 AM, Steven Livingstone-Perez wrote:
>>
>>> Thanks Jorn - yes you are right about protecting "local" attributes so that
>>> it isn't shared amongst bodies (that is a whole new discussion).
>>>
>>> I will need to look more into the attribute exchange today/tomorrow.
>>>
>>> The reason it is useful at the IP is simply for convenience for RPs who
>>> want to store attribute information against the IDs but don't want to
>>> modify their local schema. An IP durable bucket would be very useful.
>>>
>>> Regards,
>>> Steven
>>> http://weblivz.openid.org
>>>
>>> -----Original Message-----
>>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Jørn Wildt
>>> Sent: 22 May 2008 09:55
>>> To: 'OpenID List'
>>> Subject: Re: [OpenID] Consumers storing data against an OpenID
>>>
>>>> this has already been
>>>> considered under OpenID Attribute Exchange
>>>
>>> But does Attribute Exchange take the origin into account? It's much like
>>> cookies - if site A stores attribute X at the IP, will site B then get the
>>> attribute?
>>>
>>> Should it? In this example it is some local school information. But what if
>>> I used the same OpenID at both CIA and Al-Qaeda? Then I probably wouldn't
>>> want my CIA spyname sent to Al-Qaeda just because CIA found it convenient
>>> to store it at the IP.
>>>
>>> It seems to me that local data should be stored at the RP only - it has
>>> nothing to do at the IP.
>>>
>>> Or have I missed something?
>>>
>>> /Jørn
>>>
>>> -----Original Message-----
>>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Prabath Siriwardena
>>> Sent: 22 May 2008 10:47
>>> To: Steven Livingstone-Perez
>>> Cc: general at openid.net
>>> Subject: Re: [OpenID] Consumers storing data against an OpenID
>>>
>>> If I correctly understood your question - Yes - this has already been
>>> considered under OpenID Attribute Exchange [1].
>>>
>>> Thanks & regards.
>>> - Prabath
>>>
>>> [1]: http://openid.net/specs/openid-attribute-exchange-1_0.html#store
>>>
>>> On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez
>>> <weblivz at hotmail.com> wrote:
>>>> Has it ever been considered that a consumer of an OpenID may wish to store
>>>> some attribute data against that user?
>>>>
>>>> In other words rather than storing it locally (and doing the work required
>>>> to achieve this) a trusted consumer may have "write" abilities which would
>>>> allow them to store some information important only to them against the
>>>> OpenID?
>>>>
>>>> For example you may log in and be directed to a site who may wish to store
>>>> the local username they use for you with the OpenID so they can get it as
>>>> one of the attributes next time - or (as someone recently asked me) store
>>>> the local school they are to be associated with under their domain.
>>>>
>>>> Regards,
>>>>
>>>> Steven
>>>>
>>>> http://weblivz.openid.org
>>>>
>>>> _______________________________________________
>>>> general mailing list
>>>> general at openid.net
>>>> http://openid.net/mailman/listinfo/general
>
>
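
The origin tagging discussed in this thread (a stored attribute goes back only to the RP that stored it, unless it was stored for sharing), as an added Python sketch that is not from the thread or from the Attribute Exchange specification. The class, the `shared` flag, the use of the RP's realm as the origin, and all sample URLs and values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin_of(realm):
    """Reduce an RP realm URL to scheme://host[:port] (assumed origin rule)."""
    parts = urlsplit(realm)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unusable realm: {realm!r}")
    default = {"http": 80, "https": 443}[parts.scheme]
    port = parts.port or default
    return f"{parts.scheme}://{parts.hostname}" + ("" if port == default else f":{port}")

class OriginTaggedStore:
    """Hypothetical OP-side attribute store; every row records who wrote it."""
    def __init__(self):
        self._rows = {}  # (claimed_id, type_uri, origin) -> (value, shared)

    def store(self, claimed_id, realm, type_uri, value, shared=False):
        # realm must be the one the OP verified for this login,
        # never a value taken from the store request body itself.
        self._rows[(claimed_id, type_uri, origin_of(realm))] = (value, shared)

    def fetch(self, claimed_id, realm, type_uri):
        """Values this RP may see: its own rows plus rows marked shared."""
        asker = origin_of(realm)
        return sorted(v for (cid, uri, org), (v, shared) in self._rows.items()
                      if cid == claimed_id and uri == type_uri
                      and (shared or org == asker))

# Constructed sample data: two RPs and one user, all hypothetical.
USER = "http://user.example.org/"
SCHOOL = "http://schema.example/local/school"
NICK = "http://schema.example/nickname"

def demo():
    s = OriginTaggedStore()
    s.store(USER, "https://rp-a.example/", SCHOOL, "Northside")
    s.store(USER, "https://rp-a.example/", NICK, "steve", shared=True)
    return {
        "a_local": s.fetch(USER, "https://RP-A.example:443/login", SCHOOL),
        "b_local": s.fetch(USER, "https://rp-b.example/", SCHOOL),
        "b_shared": s.fetch(USER, "https://rp-b.example/", NICK),
    }

if __name__ == "__main__":
    print(demo())
```
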