<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Helvetica, Arial, sans-serif">Hi Peter,<br>
<br>
AOL supports two types of identifiers...<br>
<br>
1. opaque pseudonymous identifiers (as required by the US Government
ICAM profile). These identifiers are always HTTPS identifiers and can
be requested by specifying the PAPE policy "
</font>
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 2008">
<meta name="Originator" content="Microsoft Word 2008">
<link rel="File-List"
href="file://localhost/Users/gffletch/Library/Caches/TemporaryItems/msoclip/0clip_filelist.xml">
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
<o:Template>Normal.dotm</o:Template>
<o:Revision>0</o:Revision>
<o:TotalTime>0</o:TotalTime>
<o:Pages>1</o:Pages>
<o:Words>11</o:Words>
<o:Characters>66</o:Characters>
<o:Company>AOL, .LLC</o:Company>
<o:Lines>1</o:Lines>
<o:Paragraphs>1</o:Paragraphs>
<o:CharactersWithSpaces>81</o:CharactersWithSpaces>
<o:Version>12.0</o:Version>
</o:DocumentProperties>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:Zoom>0</w:Zoom>
<w:TrackMoves>false</w:TrackMoves>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:DrawingGridHorizontalSpacing>18 pt</w:DrawingGridHorizontalSpacing>
<w:DrawingGridVerticalSpacing>18 pt</w:DrawingGridVerticalSpacing>
<w:DisplayHorizontalDrawingGridEvery>0</w:DisplayHorizontalDrawingGridEvery>
<w:DisplayVerticalDrawingGridEvery>0</w:DisplayVerticalDrawingGridEvery>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:DontGrowAutofit/>
<w:DontAutofitConstrainedTables/>
<w:DontVertAlignInTxbx/>
</w:Compatibility>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="276">
</w:LatentStyles>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 0 0 0 1 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin-top:0in;
margin-right:0in;
margin-bottom:12.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
font-size:11.0pt;
mso-bidi-font-size:10.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:Cambria;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Cambria;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
</style>
<![endif]-->
<!--StartFragment--><font face="Helvetica, Arial, sans-serif"><span
style="font-size: 10pt; font-family: "Courier New";"><a class="moz-txt-link-freetext" href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</a></span>"</font><!--EndFragment-->.
This is described in section 3.3.1.<br>
<br>
2. Public correlatable identifiers. Unfortunately, these are still HTTP
and they will have to stay that way until there is a way to upgrade
HTTP OpenIDs to HTTPS OpenIDs. I have a plan for AOL, but unless all
RPs agree to implement the flow (described in a session at IIW[1]), AOL
users will lose all their data at the RP because an HTTP OpenID does
NOT equal an HTTPS OpenID.<br>
<br>
So, if you currently have no AOL users at your RP, then if you use the
PAPE policy for pseudonymous identifiers, you will have a complete path
over HTTPS.<br>
<br>
Also, XRDS discovery works for <a class="moz-txt-link-abbreviated" href="http://www.aol.com">www.aol.com</a> which is a little easier
than <a class="moz-txt-link-rfc2396E" href="https://api.screenname.aol.com/auth">"https://api.screenname.aol.com/auth"</a> :)<br>
<br>
Feel free to contact me off-list if you need any specific details.<br>
<br>
Thanks,<br>
George<br>
<br>
[1] <a class="moz-txt-link-freetext" href="http://iiw.idcommons.net/Migrating_from_HTTP_to_HTTPS_OpenID">http://iiw.idcommons.net/Migrating_from_HTTP_to_HTTPS_OpenID</a><br>
<br>
<br>
On 6/11/10 4:25 PM, Peter Watkins wrote:
<blockquote cite="mid:20100611162551.A8884@gwyn.tux.org" type="cite">
<pre wrap="">It's been 9 months since we saw this headline:
Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom,
Citi, Privo, Wave Systems Pilot Open Identity for Open Government
(<a class="moz-txt-link-freetext" href="http://openid.net/2009/09/09/yahoo-paypal-google-equifax-aol-verisign-acxiom-citi-privo-wave-systems-pilot-open-identity-for-open-government-2/">http://openid.net/2009/09/09/yahoo-paypal-google-equifax-aol-verisign-acxiom-citi-privo-wave-systems-pilot-open-identity-for-open-government-2/</a>)
and I understood that one of the US Government's ICAM
requirements for OpenID OPs was to use 100% https. Last month
I checked AOL again and it is *very* close to providing what
I expected -- I can use <a class="moz-txt-link-freetext" href="https://api.screenname.aol.com/auth/">https://api.screenname.aol.com/auth/</a>
for a directed identity login with AOL. But the final identifiers
are <a class="moz-txt-link-freetext" href="http://">http://</a> URLs (<a class="moz-txt-link-rfc2396E" href="https://api.screenname.aol.com/auth/screenname">"https://api.screenname.aol.com/auth/screenname"</a>
or <a class="moz-txt-link-rfc2396E" href="https://api.screenname.aol.com/auth/biglongrandomstringhere">"https://api.screenname.aol.com/auth/biglongrandomstringhere"</a>).
Is this AOL's final plan, or will they move to using https:
URIs for individual identifiers?
As far as I know, Google and Yahoo! are still the only really
big OPs that offer 100% https directed identity logins. This does
simplify our NASCAR RP login page, but I'm disappointed not to be
able to offer AOL and Windows Live... are there other big players
whose logos I should consider adding, OPs with 100% https directed
identity solutions in place now?
Thanks,
Peter
_______________________________________________
general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:general@lists.openid.net">general@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-general">http://lists.openid.net/mailman/listinfo/openid-general</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Chief Architect
Identity Services Engineering
AOL Inc.
</pre>
</body>
</html>