<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.24.1.1">
</HEAD>
<BODY>
Thank you everyone for your suggestions. I've been researching the suggestions you've made, and I think that at least one of them will work for what I want to do. I need more time to familiarize myself with the technologies before I can tell for sure.<BR>
<BR>
Again, thank you, and if you do have any other suggestions, feel free to let me know.<BR>
<BR>
Chad<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: John Bradley &lt;<A HREF="mailto:John%20Bradley%20%3cve7jtb@ve7jtb.com%3e">ve7jtb@ve7jtb.com</A>&gt;<BR>
<B>To</B>: Lukas Rosenstock &lt;<A HREF="mailto:Lukas%20Rosenstock%20%3clr@lukasrosenstock.net%3e">lr@lukasrosenstock.net</A>&gt;<BR>
<B>Cc</B>: Chad Groneman &lt;<A HREF="mailto:Chad%20Groneman%20%3cchad.groneman@sirsidynix.com%3e">chad.groneman@sirsidynix.com</A>&gt;, openid-general@lists.openid.net &lt;<A HREF="mailto:%22openid-general@lists.openid.net%22%20%3copenid-general@lists.openid.net%3e">openid-general@lists.openid.net</A>&gt;<BR>
<B>Subject</B>: Re: [OpenID] OpenID - Service Discovery?<BR>
<B>Date</B>: Wed, 24 Feb 2010 06:13:14 -0700<BR>
<BR>
One hybrid option that has been discussed but not implemented to my knowledge.
<BR>
<BR>
A user's public services should be in their XRD/S document that is publicly discoverable.
<BR>
<BR>
However, the user could have an AX attribute which is an XRD/S that contains private endpoint information.
<BR>
<BR>
In a sophisticated IdP they could also populate the private XRD/S with OAuth access tokens for those endpoints if desired.
<BR>
<BR>
John B.<BR>
<BR>
On 2010-02-24, at 6:13 AM, Lukas Rosenstock wrote:
<BR>
<BLOCKQUOTE TYPE=CITE>
Hi Chad!
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
There could be two approaches:
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
a) Discovering information along with the OpenID Endpoint.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
b) Receiving data from the OpenID provider after authentication.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
In a), the information to be discovered has to be public and can be read by anyone; it is not even required to actually use OpenID to authenticate. Right now, this can be done with XRDS and Yadis discovery though these may be replaced by the new XRD and/or Webfinger. If you are interested in these things, <A HREF="http://www.hueniverse.com/">http://www.hueniverse.com/</A> is a great site.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
The b) method has the advantage that information is issued by the identity provider after establishing trust and identity; therefore the exchanged information is under the user's control. For this, Attribute Exchange is the way to go! This is extensible and other OpenID extensions could also be introduced. I don't know much about FOAF+SSL, but even this could be applicable.
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
Regards,
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
Lukas Rosenstock
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
2010/2/18 Chad Groneman &lt;<A HREF="mailto:chad.groneman@sirsidynix.com">chad.groneman@sirsidynix.com</A>&gt;<BR>
<BLOCKQUOTE>
Hello all,<BR>
<BR>
I'm investigating the possibility of using OpenID as a way to convey<BR>
service information to interested parties. In other words, if a user<BR>
logs into a site that would like more specific details on a particular<BR>
topic, it could query to get any information providers which are<BR>
associated with the user. I imagine using the Attribute Exchange, but<BR>
there may be a better solution.<BR>
<BR>
A very simple example would be if a user logged in to a site that would<BR>
like to know the exact location of a user. There could be many<BR>
providers of this information, so the site queries for the user's<BR>
provider. It finds a provider, and from there is able to query the<BR>
provider to find the user's exact location. All this is done without<BR>
needing to have the user select their provider from a list and log in to<BR>
that provider.<BR>
<BR>
It seems to me that OpenID would be a good way to do it, although it may<BR>
be abusing the Attribute Exchange - especially as more types of services<BR>
emerge.<BR>
<BR>
What are your thoughts? Is this in-line with the goals of OpenID? Is<BR>
there anything else you would recommend investigating?<BR>
<BR>
Thank you.<BR>
<BR>
--<BR>
<FONT COLOR="#888888">Chad Groneman</FONT>
</BLOCKQUOTE>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BLOCKQUOTE>
<BR>
<BR>
_______________________________________________<BR>
general mailing list<BR>
<A HREF="mailto:general@lists.openid.net">general@lists.openid.net</A><BR>
<A HREF="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</A><BR>
<BR>
</BLOCKQUOTE>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
<BR>
-- <BR>
<A HREF="http://lukasrosenstock.net/">http://lukasrosenstock.net/</A><BR>
<BR>
</BLOCKQUOTE>
<BR>
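<BR>
Added example (not part of the original thread and not code from any of the posters): a Python illustration of the hybrid discussed above, where a relying party reads public services from the discoverable XRDS and, after authentication, prefers endpoints from a private XRDS delivered as an AX attribute value. The location service type URI, the example hosts and the helper names are assumptions; the thread notes the hybrid itself was not implemented.<BR>
<PRE>
```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XRDS_NS = "xri://$xrds"
XRD_NS = "xri://$xrd*($v*2.0)"
LOCATION = "http://svc.example/type/location"  # hypothetical service type URI

def build_xrds(services):
    """Serialize (priority, type, uri) tuples as an XRDS document (sample data only)."""
    root = ET.Element("{%s}XRDS" % XRDS_NS)
    xrd = ET.SubElement(root, "{%s}XRD" % XRD_NS)
    for priority, stype, uri in services:
        svc = ET.SubElement(xrd, "{%s}Service" % XRD_NS, priority=str(priority))
        ET.SubElement(svc, "{%s}Type" % XRD_NS).text = stype
        ET.SubElement(svc, "{%s}URI" % XRD_NS).text = uri
    return ET.tostring(root, encoding="unicode")

# Constructed documents: the public one is what anyone can fetch via Yadis;
# the private one stands for an AX attribute value released after login.
PUBLIC_XRDS = build_xrds([
    (10, "http://specs.openid.net/auth/2.0/signon", "https://idp.example/openid"),
    (20, LOCATION, "https://geo-b.example/public"),
])
PRIVATE_XRDS = build_xrds([
    (5, LOCATION, "https://geo-a.example/user/1234"),
    (9, LOCATION, "http://geo-c.example/plain"),  # non-TLS, dropped by resolve()
])

def endpoints(xrds_text, service_type):
    """Return URIs for service_type from the last XRD, lowest priority value first."""
    xrds = ET.fromstring(xrds_text).findall("{%s}XRD" % XRD_NS)
    found = []
    for svc in (xrds[-1].findall("{%s}Service" % XRD_NS) if xrds else []):
        types = [t.text.strip() for t in svc.findall("{%s}Type" % XRD_NS) if t.text]
        if service_type in types:
            prio = svc.get("priority")
            rank = int(prio) if prio is not None else float("inf")
            found += [(rank, u.text.strip())
                      for u in svc.findall("{%s}URI" % XRD_NS) if u.text]
    return [uri for _, uri in sorted(found)]

def resolve(service_type, public_xrds, private_xrds=None):
    """Private (post-authentication) endpoints first, then public ones; HTTPS only."""
    ordered = endpoints(private_xrds, service_type) if private_xrds else []
    ordered += [u for u in endpoints(public_xrds, service_type) if u not in ordered]
    return [u for u in ordered if urlparse(u).scheme == "https"]

if __name__ == "__main__":
    print(resolve(LOCATION, PUBLIC_XRDS))                # anonymous view
    print(resolve(LOCATION, PUBLIC_XRDS, PRIVATE_XRDS))  # after login and AX
```
</PRE>
The per-user endpoint appears only in the post-authentication result, so nothing in the publicly fetchable document reveals it.<BR>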
</BODY>
</HTML>