Allowing sites to renew information

Recordon, David drecordon at verisign.com
Tue Sep 26 22:58:25 UTC 2006


I think that is slightly different from what Gerv was referring to.

With Simple Registration, there is nothing stopping a relying party from
requesting the email address with every authentication request.  Most
implementations however don't seem to do this, rather only request data
if they don't have it.

In a sense, I think there are two schools of thought:
1) IdP pushes new data to each RP
2) Each RP pulls new data in each authentication request

In a sense, I think the IdP pushing data is more robust.  If you update
your email address in your IdP, I'd imagine it would have tracked what
RPs you've given it to, and then offer to send the updated address to
them.

In the end though, I don't think this is something specifications will
necessarily dictate.  Rather I'd hope to see the specs support both
methods and then implementations choose what is best given their
requirements.

--David

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Barry Ferg
Sent: Tuesday, September 26, 2006 3:54 PM
To: Gervase Markham
Cc: specs at openid.net
Subject: Re: Allowing sites to renew information

The OpenID Attribute Exchange service has an update_url parameter in the
fetch request message that provides this functionality: http://
openid.net/specs/openid-attribute-exchange-1_0-02.html#fetch_request.

On 26-Sep-06, at 3:45 PM, Gervase Markham wrote:

> Having watched a Simon Willison presentation on OpenID, I had the 
> following idea, which I present for your consideration:
>
> If you log in to a site using OpenID, and it requests access to your 
> information (e.g. postcode) using the Simple Registration Extension, 
> and you grant it, then it should be possible for the site to re-get 
> that information at the time of any future login without needing to 
> ask you.
>
> This solves the "I've moved; now I need to update my address 
> preferences with 40 different e-commerce sites by hand" problem.
>
> If this is possible at the moment, my apologies for wasting your time.
> Please CC me on any replies; I am not subscribed to the list.
>
> Gerv
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>

_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs




More information about the specs mailing list