[OpenID] Attribute Exchange without simultaneous authentication

Andrew Arnott andrewarnott at gmail.com
Sat May 31 18:44:55 UTC 2008 

Thanks, Allen.  I hadn't thought of that.  But it seems to have the drawback
that I have to use myopenid.com not only as my provider, but as my claimed
identifier.  I prefer to use my own ClaimedId and delegate to myopenid.com,
but that means an automated RP cannot extract the hCard unless I host it
myself on my server, I believe.
I mean, I guess I could program the RP to follow the ClaimedId to the
delegate Id and look for an hCard there, but that feels wrong somehow.

On Sat, May 31, 2008 at 10:46 AM, Allen Tom <atom at yahoo-inc.com> wrote:

>  Hi Andrew,
>
> If you just want to read public information that's available for an OpenID,
> then have you considered embedding microformatted data (like an hCard) onto
> the page referenced by the OpenID? For instance, if the OpenID was someone's
> Profile Page, the RP could just read the hCard on the page to extract the
> public information for that OpenID.
>
> You could do this today with OpenIDs from MyOpenID and Flickr.
>
> Allen
>
>
>
>
>
> Andrew Arnott wrote:
>
> Attribute Exchange seems to rely on being part of an authentication message
> as opposed to being able to work when in OpenID's no-authentication
> extension mode.  I get this from section 3.1<http://openid.net/specs/openid-attribute-exchange-1_0.html#identifier-definition>of the AX spec getting the subject identifier from the authentication part
> of the message.
>
> My suggestion would be that if we can, in a subsequent version of AX, allow
> AX to stand alone without OpenID having to send an authentication request at
> the same time, then given an OpenID URL by itself, people can query against
> it.  Now, most information would probably need to be kept private, but
> perhaps some information, like contact information, can be made available
> provided the requestor respond to a CAPTCHA or something like that.  That
> would be up to the individual OPs and their users of course as to which
> information to be willing to disseminate, but the power of the feature is
> there.
>
> What do you think?
>
> --
> Andrew Arnott
>
> ------------------------------
>
> _______________________________________________
> general mailing listgeneral at openid.nethttp://openid.net/mailman/listinfo/general
>
>
>


-- 
Andrew Arnott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080531/ae3299bc/attachment-0002.htm>

More information about the general mailing list