[OpenID] OpenID - Service Discovery?
Chad Groneman
chad.groneman at sirsidynix.com
Wed Feb 24 14:27:46 UTC 2010
Thank you everyone for your suggestions. I've been researching the
suggestions you've made, and I think that at least one of them will work
for what I want to do. I need more time to familiarize myself with the
technologies before I can tell for sure.
Again, thank you, and if you do have any other suggestions, feel free to
let me know.
Chad
-----Original Message-----
From: John Bradley <ve7jtb at ve7jtb.com>
To: Lukas Rosenstock <lr at lukasrosenstock.net>
Cc: Chad Groneman <chad.groneman at sirsidynix.com>,
openid-general at lists.openid.net <openid-general at lists.openid.net>
Subject: Re: [OpenID] OpenID - Service Discovery?
Date: Wed, 24 Feb 2010 06:13:14 -0700
One hybrid option that has been discussed but not implemented, to my
knowledge:
A user's public services should be in their XRD/S document that is
publicly discoverable.
However, the user could have an AX attribute which is an XRD/S that
contains private endpoint information.
In a sophisticated IdP they could also populate the private XRD/S with
OAuth access tokens for those endpoints if desired.
John B.
On 2010-02-24, at 6:13 AM, Lukas Rosenstock wrote:
> Hi Chad!
>
> There could be two approaches:
> a) Discovering information along with the OpenID Endpoint.
> b) Receiving data from the OpenID provider after authentication.
>
>
> In a), the information to be discovered has to be public and can be
> read by anyone; it is not even required to actually use OpenID to
> authenticate. Right now, this can be done with XRDS and Yadis
> discovery, though these may be replaced by the new XRD and/or
> Webfinger. If you are interested in these things,
> http://www.hueniverse.com/ is a great site.
>
>
> The b) method has the advantage that information is issued by the
> identity provider after establishing trust and identity; therefore the
> exchanged information is under the user's control. For this, Attribute
> Exchange is the way to go! This is extensible and other OpenID
> extensions could also be introduced. I don't know much about FOAF+SSL,
> but even this could be applicable.
>
>
> Regards,
> Lukas Rosenstock
>
>
>
> 2010/2/18 Chad Groneman <chad.groneman at sirsidynix.com>
>
> Hello all,
>
> I'm investigating the possibility of using OpenID as a way to convey
> service information to interested parties. In other words, if a user
> logs into a site that would like more specific details on a particular
> topic, it could query to get any information providers which are
> associated with the user. I imagine using the Attribute Exchange, but
> there may be a better solution.
>
> A very simple example would be if a user logged in to a site that would
> like to know the exact location of a user. There could be many
> providers of this information, so the site queries for the user's
> provider. It finds a provider, and from there is able to query the
> provider to find the user's exact location. All this is done without
> needing to have the user select their provider from a list and log in to
> that provider.
>
> It seems to me that OpenID would be a good way to do it, although it may
> be abusing the Attribute Exchange - especially as more types of services
> emerge.
>
> What are your thoughts? Is this in-line with the goals of OpenID? Is
> there anything else you would recommend investigating?
>
> Thank you.
>
> --
> Chad Groneman
>
>
>
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
>
>
> --
> http://lukasrosenstock.net/
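
Option a) in Lukas's reply, and the public half of the hybrid John describes, both come down to a relying party reading service entries out of a publicly discoverable XRDS document. The following is an added sketch of that step, not code from anyone in this thread; the `http://example.org/service/location` type URI, the host names and the sample document are constructed for illustration, and because the document is fetched without authentication it is handled as untrusted input.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used inside XRDS documents
LOCATION_TYPE = "http://example.org/service/location"  # hypothetical type URI

# Constructed sample of a user's public XRDS document.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://idp.example.com/openid</URI>
    </Service>
    <Service priority="20">
      <Type>http://example.org/service/location</Type>
      <URI>https://geo-backup.example.net/where</URI>
    </Service>
    <Service priority="10">
      <Type>http://example.org/service/location</Type>
      <URI>http://geo.example.net/where</URI>
      <URI>https://geo.example.net/where</URI>
    </Service>
    <Service>
      <Type>http://example.org/service/location</Type>
      <URI>https://geo-nopriority.example.net/where</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def discover_endpoints(xrds_text, service_type):
    """Return https endpoint URIs for service_type, best priority first."""
    # Anyone can serve this document, so refuse DTDs/entities outright
    # and keep only https URIs.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD or entity declaration not allowed in XRDS")
    root = ET.fromstring(xrds_text.encode("utf-8"))
    found = []
    for svc in root.iter(XRD + "Service"):
        types = [c.text.strip() for c in svc if c.tag == XRD + "Type" and c.text]
        if service_type not in types:
            continue
        prio = svc.get("priority")
        # Lower number wins; a missing priority sorts last.
        rank = int(prio) if prio and prio.isdigit() else float("inf")
        for uri in (c.text.strip() for c in svc if c.tag == XRD + "URI" and c.text):
            if urlsplit(uri).scheme == "https":
                found.append((rank, uri))
    return [uri for _, uri in sorted(found, key=lambda item: item[0])]
```

Endpoints that must stay private would not appear in this document at all; in the hybrid described above they would arrive through Attribute Exchange after authentication.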