Thoughts on the Attribute Exchange proposal.

[Rowan Kerr]

Preface if you're new to the OpenID terminology...
AX = Attribute Exchange
OP = OpenID Provider (i.e. the server that holds your attributes)
RP = Relying Party (i.e. some website that wants to use your data for  
its services)

A brief bit about my background...
Until just recently, I was working at Standard Interactive (owned by
Standard Broadcasting) to implement AX for their radio stations
so that it's easier to share listener data with partners and avoid
listeners having multiple logins for each service offered by a
particular station site. The value provided by AX is clear to them
and will save a lot of work on the part of radio station staff and
confusion on the part of users moving forward.

OK, on to my response to your message...


On 9-Mar-07, at 11:25 AM, Wayne Pierce wrote:
>   1. Updating information.  When I update an attribute is there any
> proposed way to notify subscribers without the subscribers having to
> poll my URI?

Yes. If an RP sets "update_url" when doing an AX Fetch, the OP can
re-post data to that URL when the user makes changes.


>   2. Is there any way for an entity to create a collection of
> attributes for individuals to associate values with?  I saw a
> reference to "Personas" in one of the documents but these seemed to be
> user-derived.

Attributes are defined by your OP. The collection of attributes
an OP supports can be discovered by looking at the RDF
schema. (i.e. http://idschema.standardinteractive.com/)


> The system I have been looking at is very similar, but seems to start
> from a different perspective.  My starting point was about making an
> organization more efficient and easing the burden of updating my
> information with multiple organizations at once.

AX can achieve this.


> To accomplish this I was looking at ways to allow an organization to
> create "Profiles" of Attributes.  In the talks I have had with people
> they seemed to want profiles that match their existing HR documents or
> data they would like to collect but have no documents or processes
> for.

You can create an RDF schema for the set of attributes you want.
Or, use a subset of some other known schema, and have your RP
ask only for the ones you require.


> Individuals would then associate Attributes with the fields for a
> Profile

This would be done by a user's OP.


> when the local Attribute was updated any Profile containing
> that Attribute would be updated.  This would trigger an update to the
> authorized organizations.

RP's can use an AX Store message to update attributes on an OP.



> Other things I have looked at are ways to secure the data, potentially
> using GnuPG and building a client application for managing the
> Attributes and Profiles.

Sounds like it's implementation specific, not something that the
protocol actually needs to worry about.


> I am still reading some of the specs and mailing list archive, but I
> will help out where I can.

Great! It sounds like a lot of your ideas are achievable with AX already
and I'm sure everyone will appreciate more feedback and ideas.



-Rowan
Sxip Identity
(Previously at Standard Interactive)