This would introduce security considerations at the RP however, in that the data coming from the OP must not be trusted to be the same data the RP sent originally. That doesn't mean it's a bad idea... just that that should be taken into account and spelled out in the spec with the new capability.<br>
<br><div class="gmail_quote">On Thu, May 22, 2008 at 9:05 AM, Dick Hardt <<a href="mailto:dick@sxip.com">dick@sxip.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Attribute Exchange was intended for an RP to store data that would<br>
useful to other RPs.<br>
<br>
If there is sufficient interest in the use case that Steven has<br>
brought up, AX could be extended so that data stored is tagged with<br>
its origin and then provided back to the RP when the user logs in<br>
again in the future. For small sites, this has the advantage of being<br>
able to outsource local attributes.<br>
<font color="#888888"><br>
-- Dick<br>
</font><div><div></div><div class="Wj3C7c"><br>
On 22-May-08, at 3:14 AM, Steven Livingstone-Perez wrote:<br>
<br>
> Thanks Jorn - yes you are right about protecting "local" attributes<br>
> so that<br>
> it isn't shared amongst bodies (that is a whole new discussion).<br>
><br>
> I will need to look more into the attribute exchange today/tomorrow.<br>
><br>
> The reason it is useful at the IP is simply for convenience for RP's<br>
> who<br>
> want to store attribute information against the ID's but don't want to<br>
> modify their local schema. An IP durable bucket would be very useful.<br>
><br>
> Regards,<br>
> Steven<br>
> <a href="http://weblivz.openid.org" target="_blank">http://weblivz.openid.org</a><br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]<br>
> On<br>
> Behalf Of Jørn Wildt<br>
> Sent: 22 May 2008 09:55<br>
> To: 'OpenID List'<br>
> Subject: Re: [OpenID] Consumers storing data againat an OpenID<br>
><br>
>> this has already being<br>
>> considered under OpenID Attribute Exchange<br>
><br>
> But does Attribute Exchange take the origin into account? It's much<br>
> like<br>
> cookies - if site A stores attribute X at the IP, will site B then<br>
> get the<br>
> attribute?<br>
><br>
> Should it? In this example it is some local school information. But<br>
> what if<br>
> I used the same OpenID at both CIA and Al-Quaeda? Then I probably<br>
> wouldn't<br>
> want my CIA spyname sent to Al-Quaeda just because CIA found it<br>
> convenient<br>
> to store it at the IP.<br>
><br>
> It seems to me that local data should be stored at the RP only - it<br>
> has<br>
> nothing to do at the IP.<br>
><br>
> Or have I missed something?<br>
><br>
> /Jørn<br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [mailto:<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>]<br>
> On<br>
> Behalf Of Prabath Siriwardena<br>
> Sent: 22. maj 2008 10:47<br>
> To: Steven Livingstone-Perez<br>
> Cc: <a href="mailto:general@openid.net">general@openid.net</a><br>
> Subject: Re: [OpenID] Consumers storing data againat an OpenID<br>
><br>
> If I correctly understood your question - Yes - this has already being<br>
> considered under OpenID Attribute Exchange [1].<br>
><br>
> Thanks & regards.<br>
> - Prabath<br>
><br>
> [1]: <a href="http://openid.net/specs/openid-attribute-exchange-1_0.html#store" target="_blank">http://openid.net/specs/openid-attribute-exchange-1_0.html#store</a><br>
><br>
> On Thu, May 22, 2008 at 1:43 PM, Steven Livingstone-Perez<br>
> <<a href="mailto:weblivz@hotmail.com">weblivz@hotmail.com</a>> wrote:<br>
>> Has it ever been considered that a consumer of an OpenID may wish<br>
>> to store<br>
>> some attributes data against that user?<br>
>><br>
>><br>
>><br>
>> In other words rather than storing it locally (and doing the work<br>
>> required<br>
>> to achieve this) a trusted consumer may have "write" abilities<br>
>> which would<br>
>> allow them to store some information important only to them against<br>
>> the<br>
>> OpenID?<br>
>><br>
>><br>
>><br>
>> For example you may log in and be directed to a site who may wish<br>
>> to store<br>
>> the local username they use for you with the OpenID so they can get<br>
>> it as<br>
>> one of the attributes next time – or (as someone recently asked me)<br>
>> store<br>
>> the local school they are to be associated with under their domain.<br>
>><br>
>><br>
>><br>
>> Regards,<br>
>><br>
>> Steven<br>
>><br>
>> <a href="http://weblivz.openid.org" target="_blank">http://weblivz.openid.org</a><br>
>><br>
>> _______________________________________________<br>
>> general mailing list<br>
>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>><br>
>><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Andrew Arnott