[OpenID] Attribute Exchange without simultaneous authentication
Andrew Arnott
andrewarnott at gmail.com
Tue May 27 14:01:17 UTC 2008
That makes sense to me. But if I may ask, are any extensions successfully
using non-authentication mode in OpenID already? If so, what useful thing
do they offer without a simultaneous identity URL being carried? I'm
wondering if leaving out the ID in order to drop authentication from the
protocol is the wrong approach. It seems to me like the identifier should
always be carried on the protocol, but perhaps with an extra field that says
"I don't want proof that my user is this guy... I'm just asking this
question about a third party."
On Tue, May 27, 2008 at 1:12 AM, Nate Klingenstein <ndk at internet2.edu>
wrote:
> I agree with Peter. Tacking things onto particular specs should be
> avoided to limit proliferation of fields and terms for conceptually similar
> things. It seems to me that the idea of openid.identity, as the OP-local
> identifier, would still be applicable in this sense.
>
> Is there a reason not to generalize this?
> Nate.
>
> On 26 May 2008, at 19:31, Peter Williams wrote:
>
> I think its more important to fix the critical issue: follow through the
> intent and ensure the docs allow any (perhaps vendor-defined) extension (not
> only AX) to leverage a pre-existing OpenID Association without seeking an
> athentication Statement (or imply the processing of authenticaiton requests
> signals, by an OP).
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
--
Andrew Arnott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080527/471e59f3/attachment-0002.htm>
More information about the general
mailing list