So, what is an OpenID Extension?
Andrew Arnott
andrewarnott at gmail.com
Thu Aug 13 14:49:08 UTC 2009
I'll just add that it turns out there are interesting scenarios for
extensions w/o openid.identity, such as verifying membership in an
organization by asking a* trusted* OP for an attribute via AX.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Thu, Aug 13, 2009 at 7:01 AM, James Henstridge <james at jamesh.id.au>wrote:
> On Thu, Aug 13, 2009 at 8:05 AM, Nat Sakimura<sakimura at gmail.com> wrote:
> > I blogged bout the subject here:
> > http://www.sakimura.org/en/modules/wordpress/index.php?p=91
> >
> > What would be the consensus here?
>
> My reading of the spec (and what I believe is the author's intent) is
> that OpenID extensions do indeed piggyback on an authentication
> request. The note about including the extension's type URI in XRDS is
> a way that an OpenID provider can advertise support for the extension.
>
> Note that in OpenID 2.0, sending openid.identifier in an
> authentication request is optional. So you could potentially use an
> extension without actually authenticating as a particular user. From
> section 9.1:
>
> """
> "openid.claimed_id" and "openid.identity" SHALL be either both present
> or both absent. If neither value is present, the assertion is not
> about an identifier, and will contain other information in its
> payload, using extensions (Extensions).
> """
>
> James.
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090813/6b04a43c/attachment.htm>
More information about the specs
mailing list