[OpenID] Attribute Exchange without simultaneous authentication

[Allen Tom]

Hi Andrew,

If you just want to read public information that's available for an 
OpenID, then have you considered embedding microformatted data (like an 
hCard) onto the page referenced by the OpenID? For instance, if the 
OpenID was someone's Profile Page, the RP could just read the hCard on 
the page to extract the public information for that OpenID.

You could do this today with OpenIDs from MyOpenID and Flickr.

Allen





Andrew Arnott wrote:
> Attribute Exchange seems to rely on being part of an authentication 
> message as opposed to being able to work when in OpenID's 
> no-authentication extension mode.  I get this from section 3.1 
> <http://openid.net/specs/openid-attribute-exchange-1_0.html#identifier-definition> 
> of the AX spec getting the subject identifier from the authentication 
> part of the message.
>
> My suggestion would be that if we can, in a subsequent version of AX, 
> allow AX to stand alone without OpenID having to send an 
> authentication request at the same time, then given an OpenID URL by 
> itself, people can query against it.  Now, most information would 
> probably need to be kept private, but perhaps some information, like 
> contact information, can be made available provided the requestor 
> respond to a CAPTCHA or something like that.  That would be up to the 
> individual OPs and their users of course as to which information to be 
> willing to disseminate, but the power of the feature is there.
>
> What do you think?
>
> -- 
> Andrew Arnott
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080531/87361f9d/attachment-0002.htm>