[OpenID] Attribute Exchange without simultaneous authentication
Andrew Arnott
andrewarnott at gmail.com
Sun May 25 14:43:01 UTC 2008
Attribute Exchange seems to rely on being part of an authentication message
as opposed to being able to work when in OpenID's no-authentication
extension mode. I get this from section
3.1<http://openid.net/specs/openid-attribute-exchange-1_0.html#identifier-definition>of
the AX spec getting the subject identifier from the authentication
part
of the message.
My suggestion would be that if we can, in a subsequent version of AX, allow
AX to stand alone without OpenID having to send an authentication request at
the same time, then given an OpenID URL by itself, people can query against
it. Now, most information would probably need to be kept private, but
perhaps some information, like contact information, can be made available
provided the requestor respond to a CAPTCHA or something like that. That
would be up to the individual OPs and their users of course as to which
information to be willing to disseminate, but the power of the feature is
there.
What do you think?
--
Andrew Arnott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080525/1654989d/attachment-0002.htm>
More information about the general
mailing list