[OpenID] Consumers storing data against an OpenID

Peter Williams pwilliams at rapattoni.com
Thu May 22 18:11:50 UTC 2008


In the UCI doctrine of OpenID, I the user control my identity world (unlike in the US university system, where TTPs decide on my actual privacy level for me, and the TTPs decide on the level of enforcement). I also - note the I, ol' egotistical me always - access Plaxo, who account-link the OpenID to lots of other attributes to do with Plaxo membership and attribute syncing services.

This is where I now start to see AX come into play. Plaxo now decide to leverage an AX service (which may or may not be hosted and "Controlled by" my OP or my current OpenID Association's policy) to share those *additional* Plaxo attributes with other RPs.

For example, if I have registered my social graph with Plaxo and stated a release policy (to Plaxo's proprietary attribute syncing system), I may know from the terms of service that it could now be shared openly (via AX) with others. Perhaps the AX network used by Plaxo will or will not be willing to enforce downstream the release policy implied by my social graph...

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Paul Madsen
> Sent: Thursday, May 22, 2008 10:42 AM
> To: Dick Hardt
> Cc: 'OpenID List'
> Subject: Re: [OpenID] Consumers storing data against an OpenID
> 
> the implication of this seems to be that the user's policy over the
> release of his/her attributes to different SPs could be trumped by (or
> at least in conflict with) that of the SP who happened to have pushed
> the attribute to the OP in the first place?
> 
> 
> paul
> 
> Dick Hardt wrote:
> > Attribute Exchange was intended for an RP to store data that would
> > be useful to other RPs.
> >
> > If there is sufficient interest in the use case that Steven has
> > brought up, AX could be extended so that data stored is tagged with
> > its origin and then provided back to the RP when the user logs in
> > again in the future. For small sites, this has the advantage of being
> > able to outsource local attributes.
> >
> > -- Dick
> >
> > On 22-May-08, at 3:14 AM, Steven Livingstone-Perez wrote:
> >
> >
> >> Thanks Jorn - yes you are right about protecting "local" attributes
> >> so that it isn't shared amongst bodies (that is a whole new
> >> discussion).
> >>
> >> I will need to look more into the attribute exchange today/tomorrow.
> >>
> >> The reason it is useful at the IP is simply for convenience for RP's
> >> who want to store attribute information against the ID's but don't
> >> want to modify their local schema. An IP durable bucket would be very
> >> useful.
> >>
> >> Regards,
> >> Steven
> >> http://weblivz.openid.org
> >>
> >> -----Original Message-----
> >> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> >> Behalf Of Jørn Wildt
> >> Sent: 22 May 2008 09:55
> >> To: 'OpenID List'
> >> Subject: Re: [OpenID] Consumers storing data against an OpenID
> >>
> >>
> >>> this has already been
> >>> considered under OpenID Attribute Exchange
> >>>
> >> But does Attribute Exchange take the origin into account? It's much
> >> like cookies - if site A stores attribute X at the IP, will site B
> >> then get the attribute?
> >>
> >> Should it? In this example it is some local school information. But
> >> what if I used the same OpenID at both CIA and Al-Qaeda? Then I
> >> probably wouldn't want my CIA spyname sent to Al-Qaeda just because
> >> CIA found it convenient to store it at the IP.
> >>
> >> It seems to me that local data should be stored at the RP only - it
> >> has nothing to do at the IP.
> >>
> >> Or have I missed something?
> >>
> >> /Jørn
> >>
> >> -----Original Message-----
> >> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> >> Behalf Of Prabath Siriwardena
> >> Sent: 22 May 2008 10:47
> >> To: Steven Livingstone-Perez
> >> Cc: general at openid.net
> >> Subject: Re: [OpenID] Consumers storing data against an OpenID
> >>
> >> If I correctly understood your question - Yes - this has already
> >> been considered under OpenID Attribute Exchange [1].
> >>
> >> Thanks & regards.
> >> - Prabath
> >>
> >> [1]: http://openid.net/specs/openid-attribute-exchange-1_0.html#store
> >>
> >> On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez
> >> <weblivz at hotmail.com> wrote:
> >>
> >>> Has it ever been considered that a consumer of an OpenID may wish
> >>> to store some attributes data against that user?
> >>>
> >>> In other words rather than storing it locally (and doing the work
> >>> required to achieve this) a trusted consumer may have "write"
> >>> abilities which would allow them to store some information important
> >>> only to them against the OpenID?
> >>>
> >>> For example you may log in and be directed to a site who may wish
> >>> to store the local username they use for you with the OpenID so they
> >>> can get it as one of the attributes next time - or (as someone
> >>> recently asked me) store the local school they are to be associated
> >>> with under their domain.
> >>>
> >>> Regards,
> >>>
> >>> Steven
> >>>
> >>> http://weblivz.openid.org
> >>>
> >>> _______________________________________________
> >>> general mailing list
> >>> general at openid.net
> >>> http://openid.net/mailman/listinfo/general
> 
> --
> Paul Madsen            e:paulmadsen @ ntt-at.com
> NTT                    p:613-482-0432
>                        m:613-282-8647
>                        aim:PaulMdsn5
>                        web:connectid.blogspot.com
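
Added example, not part of the original thread or of the AX specification: a sketch of the origin-tagged store Dick Hardt suggests, with Jørn Wildt's cookie-like same-origin rule as the default and release to other RPs widened only by the user, which is the policy conflict Paul Madsen raises. The class, its method names, the realms and the type URI are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class StoredAttribute:
    value: str
    origin: str                                     # realm of the RP that stored it
    released_to: set = field(default_factory=set)   # realms the user approved


class OriginTaggedStore:
    """Hypothetical OP-side attribute store keyed by (identity, type URI, origin)."""

    def __init__(self):
        self._data = {}

    def store(self, identity, rp_realm, type_uri, value):
        # RP-facing: the origin tag comes from the verified realm of the request,
        # so an RP writes only into its own namespace.
        self._data[(identity, type_uri, rp_realm)] = StoredAttribute(value, rp_realm)

    def user_release(self, identity, type_uri, origin, to_realm):
        # User-facing only (authenticated OP session): the storing RP has no
        # way to widen release of what it stored.
        self._data[(identity, type_uri, origin)].released_to.add(to_realm)

    def fetch(self, identity, rp_realm, type_uri):
        # RP-facing: same-origin values by default, plus user-released ones.
        found = {}
        for (ident, uri, origin), attr in self._data.items():
            if (ident, uri) != (identity, type_uri):
                continue
            if origin == rp_realm or rp_realm in attr.released_to:
                found[origin] = attr.value
        return found


def demo():
    # Constructed identifiers and type URI, for illustration only.
    me, name = "https://user.example/", "http://schema.example/local-username"
    a, b, c = "https://site-a.example/", "https://site-b.example/", "https://site-c.example/"
    op = OriginTaggedStore()
    op.store(me, a, name, "alice_a")
    op.store(me, b, name, "alice_b")
    before = op.fetch(me, b, name)          # B sees only its own value
    op.user_release(me, name, origin=a, to_realm=b)
    after = op.fetch(me, b, name)           # B now also sees A's value
    return before, after, op.fetch(me, c, name)


if __name__ == "__main__":
    print(demo())
```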


