[OpenID] Consumers storing data against an OpenID
Paul Madsen
paulmadsen at rogers.com
Thu May 22 18:59:02 UTC 2008
fair enough, "Tie goes to the runner" :-)
paul
p.s. somewhat related, Liberty started some work (that we'd like to get
broader contribution to, forum TBD) that would allow the SP, when
pushing the attributes to the OP, to indicate 'Don't forward' (amongst
other things), but we're assuming the policy is that of the user and not
the SP.
Dick Hardt wrote:
> There are LOTS of implications in doing this .. I thought it was an
> interesting idea to discuss. :)
>
> I would expect the user to CONTINUE to decide if the attributes are
> stored or released, regardless of what an RP asks. The OP is the
> user's agent, not the RPs.
>
> -- Dick
>
> On 22-May-08, at 10:41 AM, Paul Madsen wrote:
>
>> the implication of this seems to be that the user's policy over the
>> release of his/her attributes to different SPs could be trumped by
>> (or at least in conflict with) that of the SP who happened to have
>> pushed the attribute to the OP in the first place?
>>
>>
>> paul
>>
>> Dick Hardt wrote:
>>> Attribute Exchange was intended for an RP to store data that would
>>> be useful to other RPs.
>>>
>>> If there is sufficient interest in the use case that Steven has
>>> brought up, AX could be extended so that data stored is tagged with
>>> its origin and then provided back to the RP when the user logs in
>>> again in the future. For small sites, this has the advantage of
>>> being able to outsource local attributes.
>>>
>>> -- Dick
>>>
>>> On 22-May-08, at 3:14 AM, Steven Livingstone-Perez wrote:
>>>
>>>
>>>> Thanks Jorn - yes you are right about protecting "local"
>>>> attributes so that
>>>> it isn't shared amongst bodies (that is a whole new discussion).
>>>>
>>>> I will need to look more into the attribute exchange today/tomorrow.
>>>>
>>>> The reason it is useful at the IP is simply for convenience for
>>>> RP's who
>>>> want to store attribute information against the ID's but don't want to
>>>> modify their local schema. An IP durable bucket would be very useful.
>>>>
>>>> Regards,
>>>> Steven
>>>> http://weblivz.openid.org
>>>>
>>>> -----Original Message-----
>>>> From: general-bounces at openid.net
>>>> [mailto:general-bounces at openid.net] On
>>>> Behalf Of Jørn Wildt
>>>> Sent: 22 May 2008 09:55
>>>> To: 'OpenID List'
>>>> Subject: Re: [OpenID] Consumers storing data against an OpenID
>>>>
>>>>
>>>>> this has already been
>>>>> considered under OpenID Attribute Exchange
>>>>>
>>>> But does Attribute Exchange take the origin into account? It's
>>>> much like
>>>> cookies - if site A stores attribute X at the IP, will site B then
>>>> get the
>>>> attribute?
>>>>
>>>> Should it? In this example it is some local school information.
>>>> But what if
>>>> I used the same OpenID at both CIA and Al-Quaeda? Then I probably
>>>> wouldn't
>>>> want my CIA spyname sent to Al-Quaeda just because CIA found it
>>>> convenient
>>>> to store it at the IP.
>>>>
>>>> It seems to me that local data should be stored at the RP only -
>>>> it has
>>>> nothing to do at the IP.
>>>>
>>>> Or have I missed something?
>>>>
>>>> /Jørn
>>>>
>>>> -----Original Message-----
>>>> From: general-bounces at openid.net
>>>> [mailto:general-bounces at openid.net] On
>>>> Behalf Of Prabath Siriwardena
>>>> Sent: 22. maj 2008 10:47
>>>> To: Steven Livingstone-Perez
>>>> Cc: general at openid.net
>>>> Subject: Re: [OpenID] Consumers storing data against an OpenID
>>>>
>>>> If I correctly understood your question - Yes - this has already been
>>>> considered under OpenID Attribute Exchange [1].
>>>>
>>>> Thanks & regards.
>>>> - Prabath
>>>>
>>>> [1]: http://openid.net/specs/openid-attribute-exchange-1_0.html#store
>>>>
>>>> On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez
>>>> <weblivz at hotmail.com> wrote:
>>>>
>>>>> Has it ever been considered that a consumer of an OpenID may wish
>>>>> to store
>>>>> some attributes data against that user?
>>>>>
>>>>>
>>>>>
>>>>> In other words rather than storing it locally (and doing the work
>>>>> required
>>>>> to achieve this) a trusted consumer may have "write" abilities
>>>>> which would
>>>>> allow them to store some information important only to them
>>>>> against the
>>>>> OpenID?
>>>>>
>>>>>
>>>>>
>>>>> For example you may log in and be directed to a site who may wish
>>>>> to store
>>>>> the local username they use for you with the OpenID so they can
>>>>> get it as
>>>>> one of the attributes next time – or (as someone recently asked
>>>>> me) store
>>>>> the local school they are to be associated with under their domain.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Steven
>>>>>
>>>>> http://weblivz.openid.org
>>>>>
>>>>> _______________________________________________
>>>>> general mailing list
>>>>> general at openid.net
>>>>> http://openid.net/mailman/listinfo/general
>>>>>
>>
>> --
>> Paul Madsen e:paulmadsen @ ntt-at.com
>> NTT p:613-482-0432
>> m:613-282-8647
>> aim:PaulMdsn5
>> web:connectid.blogspot.com
>>
>
>
>
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com
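
The origin tagging Dick Hardt suggests and the cookie-like scoping Jørn Wildt asks about, as an added example that is not part of the original thread or of the AX 1.0 specification. The class, realm and type-URI names are hypothetical; the assumption is that the user's policy, not the RP, decides both storage and release.

```python
from dataclasses import dataclass, field

@dataclass
class UserPolicy:
    # Realms the user allows to write attributes to the OP.
    may_store: set = field(default_factory=set)
    # (origin realm, type URI) -> other realms the user chose to release it to.
    release: dict = field(default_factory=dict)

class OriginTaggedStore:
    """Hypothetical OP-side store for one user's attributes."""
    def __init__(self, policy):
        self.policy = policy
        self._attrs = {}  # keyed by (origin, type URI): RPs cannot overwrite each other

    def store(self, rp_realm, type_uri, value):
        if rp_realm not in self.policy.may_store:
            return False              # user has not approved this RP to store
        self._attrs[(rp_realm, type_uri)] = value
        return True

    def fetch(self, rp_realm, type_uri):
        visible = []
        for (origin, uri), value in self._attrs.items():
            if uri != type_uri:
                continue
            shared_with = self.policy.release.get((origin, uri), set())
            # Default is same-origin only, like a cookie; the user can widen it.
            if origin == rp_realm or rp_realm in shared_with:
                visible.append((origin, value))
        return visible

# Constructed sample values.
SCHOOL = "https://school.example/"
FORUM = "https://forum.example/"
LOCAL_NAME = "https://ax.example/type/local-username"

def demo():
    policy = UserPolicy(may_store={SCHOOL})
    op = OriginTaggedStore(policy)
    r = {}
    r["forum_store"] = op.store(FORUM, LOCAL_NAME, "mallory")
    r["school_store"] = op.store(SCHOOL, LOCAL_NAME, "steven42")
    r["school_fetch"] = op.fetch(SCHOOL, LOCAL_NAME)
    r["forum_fetch"] = op.fetch(FORUM, LOCAL_NAME)
    policy.release[(SCHOOL, LOCAL_NAME)] = {FORUM}   # user opts in to sharing
    r["forum_after_release"] = op.fetch(FORUM, LOCAL_NAME)
    policy.may_store.add(FORUM)
    op.store(FORUM, LOCAL_NAME, "livz")              # same type, different origin
    r["school_after_forum_write"] = op.fetch(SCHOOL, LOCAL_NAME)
    return r
```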