[OpenID] Attribute Exchange and HTTP/HTTPS
David Recordon
drecordon at sixapart.com
Sat May 24 12:06:29 UTC 2008
You certainly could take advantage of the direct connection for this;
some early OAuth (http://oauth.net/) prototypes worked like this. I
know with Attribute Exchange there was a way to pass a SAML assertion
which could theoretically include an encrypted message. It might be
easier to define an AX parameter which is the encrypted value based
off of the shared secret between the OP and RP. Another option
would be to pass an OAuth endpoint and an access token to the RP.
--David
On May 3, 2008, at 3:58 AM, Zellyn Hunter wrote:
> Hi folks,
>
> I'd like to use the attribute exchange extension to send email, street
> address, etc. from the OP to the RP. I can get an SSL cert for my OP,
> but I can't get SSL certs for all my RPs.
>
> I was thinking I could do the login w/out attribute exchange, and then
> use a direct connection from the RP to OP over https to retrieve the
> attributes. However, it looks like direct connections are supposed to
> be used only for associate and check_authentication: "It is used for
> establishing associations (Establishing Associations) and verifying
> authentication assertions (Verifying Directly with the OpenID
> Provider)." (http://openid.net/specs/openid-authentication-2_0.html#direct_comm).
>
> Any ideas? I'd like to pass the info over using only the OpenID
> protocol, not invent another protocol for my own use.
>
> Thanks,
>
> Zellyn Hunter
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
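
One way the encrypted AX value suggested in the reply above could look, as an added example that is not part of the original thread, the OpenID specifications or any OpenID library: the OP encrypts each attribute under a key derived from the association secret and the RP decrypts and authenticates it. The function names, the HKDF label, the AAD layout and the sample values are assumptions, and the sketch assumes the association secret was established without being exposed to a network observer.

```javascript
// Added example: a hypothetical scheme, not defined by OpenID AX.
const crypto = require("crypto");

// Derive an encryption key from the association MAC key so the MAC key
// itself is never used directly as a cipher key (key separation via HKDF).
function deriveKey(macKey, assocHandle) {
  const info = Buffer.from("ax-encrypted-value:" + assocHandle, "utf8");
  return Buffer.from(crypto.hkdfSync("sha256", macKey, Buffer.alloc(0), info, 32));
}

// OP side: encrypt one attribute value. The assoc handle and attribute type
// URI are bound in as AAD, so a ciphertext cannot be moved to another
// attribute or association without failing authentication.
function sealAttribute(macKey, assocHandle, typeUri, value) {
  const key = deriveKey(macKey, assocHandle);
  const nonce = crypto.randomBytes(12); // fresh per value, never reused
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(assocHandle + "\n" + typeUri, "utf8"));
  const ct = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]).toString("base64");
}

// RP side: returns the plaintext, or null if the value was tampered with,
// truncated, or sealed under a different association or attribute type.
function openAttribute(macKey, assocHandle, typeUri, sealed) {
  const raw = Buffer.from(sealed, "base64");
  if (raw.length < 12 + 16) return null; // too short for nonce + tag
  const key = deriveKey(macKey, assocHandle);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(assocHandle + "\n" + typeUri, "utf8"));
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  try {
    const body = raw.subarray(12, raw.length - 16);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch (e) {
    return null; // GCM authentication failed
  }
}

// Constructed sample values (not from a real association).
const sampleMacKey = crypto.randomBytes(32);
const sampleHandle = "example-assoc-handle";
const EMAIL_TYPE = "http://axschema.org/contact/email";
const sampleSealed = sealAttribute(sampleMacKey, sampleHandle, EMAIL_TYPE, "user@example.com");
console.log(openAttribute(sampleMacKey, sampleHandle, EMAIL_TYPE, sampleSealed));
```

The base64 output would travel as an ordinary AX value over the indirect (browser) channel, so the RP needs no SSL certificate to keep the attribute confidential from observers of that channel.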