[OpenID] Attribute Exchange without simultaneous authentication
Dick Hardt
dick at sxip.com
Mon May 26 18:43:13 UTC 2008
The Subject Identifier is to let the OP and RP know which user is
being referred to. An authentication request SHOULD not be needed.
In other words, you should be able to do what you want to do now ...
why do you think you can't?
-- Dick
On 25-May-08, at 7:43 AM, Andrew Arnott wrote:
> Attribute Exchange seems to rely on being part of an authentication
> message as opposed to being able to work when in OpenID's no-
> authentication extension mode. I get this from section 3.1 of the
> AX spec getting the subject identifier from the authentication part
> of the message.
>
> My suggestion would be that if we can, in a subsequent version of
> AX, allow AX to stand alone without OpenID having to send an
> authentication request at the same time, then given an OpenID URL by
> itself, people can query against it. Now, most information would
> probably need to be kept private, but perhaps some information, like
> contact information, can be made available provided the requestor
> respond to a CAPTCHA or something like that. That would be up to
> the individual OPs and their users of course as to which information
> to be willing to disseminate, but the power of the feature is there.
>
> What do you think?
>
> --
> Andrew Arnott _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080526/6ed3432d/attachment-0002.htm>
More information about the general
mailing list