[OpenID] making OpenId RESTful
Story Henry
henry.story at bblfish.net
Thu Jan 21 10:06:05 UTC 2010
On 21 Jan 2010, at 09:50, Story Henry wrote:
> On 21 Jan 2010, at 09:07, Melvin Carvalho wrote:
>
>>> A longer term and more scalable approach would be to define an Artifact
>>> Binding for OpenID - where an artifact (aka a short token) is returned to
>>> the RP in lieu of the AX data. The RP then makes a backend direct server
>>> call back to the OP with the Artifact to get the actual data. Only the
>>> artifact is sent on the browser redirect.
>
> This sounds like what I was suggesting in "Making OpenId RESTful" [1] that started this thread.
>
> Essentially the OpenId provider returns a URL as part of the attribute exchange that goes through the user's browser. The intent of that URL is that it point to a resource where more information about the user is located. This URL could indeed be a bitly url.
>
>> Interesting idea, though it adds another connection, it may be worth it. In
>> this case you could be agnostic of the data format, returning key/value
>> pairs, FOAF/RDF or ATOM as necessary.
>
> Indeed the web server at that URL can do content negotiation to serve back the URL most desired by the client (The Relying party in this case).
I meant:
"Indeed the web server serving up content for that URL - owned by the IDP, but not necessarily - can do content negotiation to serve back a representation most desired by the client (The Relying party in this case)"
>
> Henry
>
>
> [1] http://lists.foaf-project.org/pipermail/foaf-protocols/2010-January/001477.html
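The artifact exchange and the content negotiation discussed in this message, as an added Python example that is not code from the thread or from any OpenID specification: the OP keeps the attributes, hands out a short token for the browser redirect, and serves a negotiated representation when the RP redeems the token on the back channel. The `Provider` class, the single-use, RP-bound and expiring token, the 403/406 status values and the sample attributes are assumptions of this example, and Atom is left out of the offered formats for brevity.

```python
import json, secrets, time

ATTRS = {"name": "Alice Example", "nick": "alice"}  # constructed sample values

def as_keyvalue(a):
    return "".join(f"{k}:{v}\n" for k, v in sorted(a.items()))

def as_turtle(a):  # json.dumps yields a quoted, escaped string literal
    return ("@prefix foaf: <http://xmlns.com/foaf/0.1/> .\n"
            f"<#me> foaf:name {json.dumps(a['name'])} ; foaf:nick {json.dumps(a['nick'])} .\n")

# Representations the attribute resource offers, in server preference order.
RENDERERS = {"text/turtle": as_turtle, "text/plain": as_keyvalue}

def negotiate(accept):  # offered media type with the highest q-value, or None
    ranges = {}
    for item in (accept or "*/*").split(","):
        name, *params = [p.strip() for p in item.split(";")]
        q = next((p[2:] for p in params if p.startswith("q=")), "1")
        try:
            ranges[name.lower()] = float(q)
        except ValueError:
            ranges[name.lower()] = 0.0
    best, best_q = None, 0.0
    for mtype in RENDERERS:
        # The most specific matching range decides this type's q-value.
        for candidate in (mtype, mtype.split("/")[0] + "/*", "*/*"):
            if candidate in ranges:
                if ranges[candidate] > best_q:
                    best, best_q = mtype, ranges[candidate]
                break
    return best

class Provider:
    def __init__(self, ttl=60):
        self.ttl, self.pending = ttl, {}

    def issue(self, attrs, rp):
        token = secrets.token_urlsafe(16)  # only this rides the browser redirect
        self.pending[token] = (attrs, rp, time.monotonic() + self.ttl)
        return token

    def redeem(self, token, rp, accept):  # rp: caller identity authenticated by the OP
        mtype = negotiate(accept)
        if mtype is None:
            return 406, None, None
        attrs, bound_rp, expires = self.pending.pop(token, (None, None, float("-inf")))
        if rp != bound_rp or time.monotonic() > expires:
            return 403, None, None
        return 200, mtype, RENDERERS[mtype](attrs)
```

A redeemed or mismatched token is removed from the store, so an artifact captured from the redirect cannot be replayed by another party or a second time.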