<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I think that it is more of a description of the current state, though if changed it blurs the difference between OpenID and OAuth even more. It's worth trying out though.<div><br></div><div>--David</div><div><br><div><div>On Aug 13, 2009, at 9:05 AM, Nat Sakimura wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Is this "indirectness" a philosophy or just a description of the current state? <div>It is not only me who wants to do artifact binding, and it is much simpler than doing both OpenID and OAuth. </div><div><br></div> <div>=nat<br><br><div class="gmail_quote">On Fri, Aug 14, 2009 at 12:39 AM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> OpenID extensions must be carried by indirect messages (through the browser). If you're looking for ways for server-to-server communication to get attributes, I suggest you look at OAuth. Specifically perhaps the OpenID+OAuth extension, which could enable the RP to send the request directly to the OP for these large payloads you're talking about.<div> <div class="im"> <br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br> <br><br></div><div class="gmail_quote"><div><div></div><div class="h5">On Thu, Aug 13, 2009 at 8:03 AM, Nat Sakimura <span dir="ltr"><<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span> wrote:<br> </div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5"> Hmmm. So, there is no way we can do direct communication in an extension? <div>What I want to do is to send the large payload directly between the servers and move only the reference through OpenID Authn request and response so that </div> <div><br></div><div>1) mobile clients will not choke. </div><div>2) is going to be more secure. </div><div><br></div><div>In AX, there is a notion of update_url, but is that also used only for indirect communication through browser? </div> <div><br></div><div>I feel that it is extremely limiting if we cannot do the server to server communication. </div><div><br></div><div>If that is not a possibility, then I should probably do the server to server portion elsewhere, and just do the reference/artifact moving through OpenID AuthN, but that sounds like OpenID strangling itself. </div> <div><br></div><div>=nat<div><br><br><div class="gmail_quote">On Thu, Aug 13, 2009 at 11:01 PM, James Henstridge <span dir="ltr"><<a href="mailto:james@jamesh.id.au" target="_blank">james@jamesh.id.au</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div>On Thu, Aug 13, 2009 at 8:05 AM, Nat Sakimura<<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>> wrote:<br> > I blogged bout the subject here:<br> > <a href="http://www.sakimura.org/en/modules/wordpress/index.php?p=91" target="_blank">http://www.sakimura.org/en/modules/wordpress/index.php?p=91</a><br> ><br> > What would be the consensus here?<br> <br> </div>My reading of the spec (and what I believe is the author's intent) is<br> that OpenID extensions do indeed piggyback on an authentication<br> request. The note about including the extension's type URI in XRDS is<br> a way that an OpenID provider can advertise support for the extension.<br> <br> Note that in OpenID 2.0, sending openid.identifier in an<br> authentication request is optional. So you could potentially use an<br> extension without actually authenticating as a particular user. From<br> section 9.1:<br> <br> """<br> "openid.claimed_id" and "openid.identity" SHALL be either both present<br> or both absent. If neither value is present, the assertion is not<br> about an identifier, and will contain other information in its<br> payload, using extensions (Extensions).<br> """<br> <font color="#888888"><br> James.<br> </font></blockquote></div><br><br clear="all"><br></div>-- <br><font color="#888888">Nat Sakimura (=nat)</font><div><br><a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br> </div></div> <br></div></div><div class="im">_______________________________________________<br> specs mailing list<br> <a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> <br></div></blockquote></div><br></div> </blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br> </div> _______________________________________________<br>specs mailing list<br><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-specs<br></blockquote></div><br></div></body></html>