[OpenID] OpenID - Service Discovery?

John Bradley ve7jtb at ve7jtb.com
Wed Feb 24 13:13:14 UTC 2010


One hybrid option that has been discussed but not implemented to my knowledge.

A user's public services should be in their XRD/S document that is publicly discoverable.

However the user could have an AX Attribute which is an XRD/S that contains private endpoint information.

In a sophisticated IdP they could also populate the private XRD/S with OAuth access tokens for those endpoints if desired.

John B.
On 2010-02-24, at 6:13 AM, Lukas Rosenstock wrote:

> Hi Chad!
> There could be two approaches:
> a) Discovering information along with the OpenID Endpoint.
> b) Receiving data from the OpenID provider after authentication.
> 
> In a), the information to be discovered has to be public and can be read by anyone; it is not even required to actually use OpenID to authenticate. Right now, this can be done with XRDS and Yadis discovery though these may be replaced by the new XRD and/or Webfinger. If you are interested in these things, http://www.hueniverse.com/ is a great site.
> 
> The b) method has the advantage that information is issued by the identity provider after establishing trust and identity; therefore the exchanged information is under the user's control. For this, Attribute Exchange is the way to go! This is extensible and other OpenID extensions could also be introduced. I don't know much about FOAF+SSL, but even this could be applicable.
> 
> Regards,
>  Lukas Rosenstock
> 
> 
> 2010/2/18 Chad Groneman <chad.groneman at sirsidynix.com>
> Hello all,
> 
> I'm investigating the possibility of using OpenID as a way to convey
> service information to interested parties.  In other words, if a user
> logs into a site that would like more specific details on a particular
> topic, it could query to get any information providers which are
> associated with the user.  I imagine using the Attribute Exchange, but
> there may be a better solution.
> 
> A very simple example would be if a user logged in to a site that would
> like to know the exact location of a user.  There could be many
> providers of this information, so the site queries for the user's
> provider.  It finds a provider, and from there is able to query the
> provider to find the user's exact location.  All this is done without
> needing to have the user select their provider from a list and log in to
> that provider.
> 
> It seems to me that OpenID would be a good way to do it, although it may
> be abusing the Attribute Exchange - especially as more types of services
> emerge.
> 
> What are your thoughts?  Is this in-line with the goals of OpenID?  Is
> there anything else you would recommend investigating?
> 
> Thank you.
> 
> --
> Chad Groneman
> 
> 
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
> 
> 
> 
> -- 
> http://lukasrosenstock.net/

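An added example, not part of the original thread: a sketch of how a relying party could combine the publicly discoverable XRDS with a private XRDS delivered as an AX attribute, so that private endpoints are visible only after authentication. The AX attribute type URI, the location service type and all endpoints are hypothetical, and the AX attributes are assumed to come from a positive assertion whose signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"xrds": "xri://$xrds", "xrd": "xri://$xrd*($v*2.0)"}
# Hypothetical AX attribute type URI; the thread names no real one.
PRIVATE_XRDS_ATTR = "http://example.org/ax/private-xrds"
LOCATION_TYPE = "http://example.org/svc/location"  # hypothetical service type

# Constructed sample documents; all endpoints are placeholders.
PUBLIC_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://idp.example/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""
PRIVATE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://example.org/svc/location</Type>
      <URI>https://geo.example/users/alice</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def parse_services(xrds_text, origin):
    """Extract type/uri/priority entries from an XRDS document."""
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD declarations are not accepted in XRDS input")
    root = ET.fromstring(xrds_text)
    services = []
    for svc in root.findall("xrd:XRD/xrd:Service", NS):
        uri = (svc.findtext("xrd:URI", default="", namespaces=NS) or "").strip()
        if not uri.startswith("https://"):
            continue  # skip endpoints that are not served over TLS
        for t in svc.findall("xrd:Type", NS):
            services.append({"type": (t.text or "").strip(), "uri": uri,
                             "priority": int(svc.get("priority", "0")), "origin": origin})
    return sorted(services, key=lambda s: s["priority"])

def find_service(service_type, public_xrds, ax_attributes=None):
    """Match services; private ones appear only with verified AX attributes (assumed)."""
    found = parse_services(public_xrds, "public")
    private = (ax_attributes or {}).get(PRIVATE_XRDS_ATTR)
    if private:
        found += parse_services(private, "private")
    return [s for s in found if s["type"] == service_type]
```
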