<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>This begs a wider question concerning AX. The underlying issue relates
to my own confusion over the wider role of AX (expressed in a thread a week or
two ago).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>For Dick, evidently AX is the extensible form of sreg –
and is about a visible user-centric experience (e.g. a signup wizard). It’s
little more. There is a bit of stuff about AX update.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>For others, two websites may be exploiting an _<i>existing</i>_ openid
pairwise security association to signal each other over that authenticated
channel, using AX extensions for requests/response FOR PER-APPLICATION PURPOSES.
This may be occurring OUTSIDE a visible user experience (such as signup form population).
The user may have no interactive role. One might only set a config policy of “please
sync me every 10m”, and 10 AX transactions occur over 10 hidden iframes
(every 10m).<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Im with Pat on AX; doing the kind of thing he is doing is what
it seemed to be saying it was for... <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>As with XRI, the power of openid is its architecture and the
enabling that XRI/XDI/AX/URls provide to app developers. It’s not the particular
GUI practice today – which at the end of the day is just another websso
protocol that also ran. Since any and all websso is however a fundamental enabler
(because it brings with it solutions to security associations, consent, and impersonated
session management), its what now follows from and develops on the openid architecture
that is the _<i>really</i>_ interesting stuff.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
general-bounces@openid.net [mailto:general-bounces@openid.net] <b>On Behalf Of </b>larry
drebes<br>
<b>Sent:</b> Tuesday, December 30, 2008 3:19 AM<br>
<b>To:</b> Pat Cappelaere<br>
<b>Cc:</b> general@openid.net List<br>
<b>Subject:</b> Re: [OpenID] CheckIDRequest with Big AX<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi Pat,<o:p></o:p></p>
<div>
<p class=MsoNormal>The normal behavior for an OP is to assume the user is in
the loop. With javascript enabled the form POST submit should happen
automatically, for the vast majority of time this is not pestering the user.<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>larry-<o:p></o:p></p>
<div>
<p class=MsoNormal>On Mon, Dec 29, 2008 at 7:46 PM, Pat Cappelaere <<a
href="mailto:pat@cappelaere.com">pat@cappelaere.com</a>> wrote:<o:p></o:p></p>
<p class=MsoNormal>I have an interesting problem.<br>
<br>
I am trying to make a CheckIDRequest along with a few experimental AX.<br>
Problem is that my attributes are fairly large and could overflow the<br>
GET.<br>
The Janrain Ruby library detects that and turns the response into a<br>
secondary form. A user has to hit continue for the form to do a<br>
post. This is fine if there is a user in the loop (although confusing<br>
at best) but this is not my case. I do not have a user in the loop.<br>
I am really trying to authenticate an application consumer that<br>
happens to have an openid and trying to get its pubic key in order to<br>
do the OAuth dance using AX... cool stuff...<br>
<br>
My questions are:<br>
<br>
Is this the normal behavior of an OP?<br>
<br>
Should I try to patch the server library to return a directPOST?<br>
<br>
Or get my consumer to break down the request in two parts? I am not<br>
quite sure how the second part would look like though...<br>
<br>
Any suggestions?<br>
<br>
Thanks,<br>
<br>
Pat.<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>