AX has this push mechanism that allows OPs to notify RPs when attribute values have changed. I've never heard of this being used. RPs probably do want to know when their user's data has changed, but AX push is too scary, too poorly supported, or something.<div>
<br></div><div><div><div><div>But what if we took a different approach. What if instead of AX, we used OAuth. Follow me on this.</div><div><br></div><div>Send an OAuth request for permissions to a user's email address, rather than an AX request for the email address itself. Then the RP can request the user's email address whenever it wants it, whether or not the user is currently authenticating. </div>
<div><br></div><div>What does this buy you? Ok, not a lot. But it's an interesting use case for OAuth that I think we should consider.</div><div><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
</div></div></div></div>