<html><body bgcolor="#FFFFFF"><div>+1. I think those are the basic profile building blocks for social software. The avatar is something we particularly need for openid. <br><br>Sent from my iPhone 2G</div><div><br>On Dec 8, 2009, at 22:06, John Panzer <<a href="mailto:john@johnpanzer.com">john@johnpanzer.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>For my use cases, the important things are, unscientifically,<div><br></div><div>1. Display name</div><div>2. Avatar / photo</div><div>3. Preferred link to human-readable online presence -- profile, blog, whatever strikes their fancy. <br>
<div><br></div><div><br><br><div class="gmail_quote">On Tue, Dec 8, 2009 at 8:38 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com"><a href="mailto:recordond@gmail.com">recordond@gmail.com</a></a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I'm sure that the data is wildly out of date, but at the time the SREG<br>
fields (<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank"><a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format">http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format</a></a>)<br>
were based on looking at what a few hundred different sites were<br>
asking for.<br>
<br>
I unscientifically think that the extremely common stuff is:<br>
- Name<br>
- Avatar / photo<br>
- Email address<br>
<br>
Scientifically, we should actually put some effort into looking at<br>
sign in pages again. :)<br>
<font color="#888888"><br>
--David<br>
</font><div><div></div><div class="h5"><br>
On Tue, Dec 8, 2009 at 7:59 PM, Jonathan Coffman<br>
<<a href="mailto:jonathan.coffman@gmail.com"><a href="mailto:jonathan.coffman@gmail.com">jonathan.coffman@gmail.com</a></a>> wrote:<br>
> Out of curiosity, beyond the email discussion below what are the primary<br>
> metadata needs around the other major (PoCo) fields?<br>
> Speaking to the use-cases I work off of here at PBS, I'm primarily concerned<br>
> about emails being verified (and a signup date is also useful) and am most<br>
> inclined to trust the OP (especially if it were a white-listed or otherwise<br>
> vetted iDP).<br>
> Jonathan<br>
><br>
> On Dec 8, 2009, at 2:17 PM, Chris Messina wrote:<br>
><br>
> Is it worth looking at how Facebook handles the passing of profile data? Or<br>
> is their architecture/use case different?<br>
><br>
> <a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank"><a href="http://wiki.developers.facebook.com/index.php/Users.getInfo">http://wiki.developers.facebook.com/index.php/Users.getInfo</a></a><br>
> On Tue, Dec 8, 2009 at 11:08 AM, Breno de Medeiros <<a href="mailto:breno@google.com"><a href="mailto:breno@google.com">breno@google.com</a></a>> wrote:<br>
>><br>
>> On Tue, Dec 8, 2009 at 11:01 AM, John Panzer <<a href="mailto:jpanzer@google.com"><a href="mailto:jpanzer@google.com">jpanzer@google.com</a></a>> wrote:<br>
>> > For "one-time" URLs, you'd probably want to allow for retries for a<br>
>> > short<br>
>> > period (or just allow it to be accessed for say 5m) which would have<br>
>> > approximately the same level of protection.<br>
>> > You could also imagine long-lived capabilities along the lines of OAuth<br>
>> > tokens that allow RPs to repeatedly refresh the data as needed. (Better<br>
>> > of<br>
>> > course if they can subscribe to changes, but that's an implementation<br>
>> > detail<br>
>> > and definitely a separate spec.)<br>
>> > Given that AX already supports requesting URL-valued data (e.g., profile<br>
>> > photos) I think this just comes down to defining a fairly complicated<br>
>> > data<br>
>> > type for AX and passing a URL around.<br>
>><br>
>> A more lightweight alternative is to adopt an 'artifact' mode where<br>
>> most of the OpenID assertion (request and response) can be passed in<br>
>> the backchannel. That is a bit more difficult to implement but easier<br>
>> to spec (because the existing URLs can be used) and more general<br>
>> (compacts all extensions, not only AX).<br>
>><br>
>> > --<br>
>> > John Panzer / Google<br>
>> > <a href="mailto:jpanzer@google.com"><a href="mailto:jpanzer@google.com">jpanzer@google.com</a></a> / <a href="http://abstractioneer.org" target="_blank"><a href="http://abstractioneer.org">abstractioneer.org</a></a> / @jpanzer<br>
>> ><br>
>> ><br>
>> ><br>
>> > On Tue, Dec 8, 2009 at 10:57 AM, Peter Watkins <<a href="mailto:peterw@tux.org"><a href="mailto:peterw@tux.org">peterw@tux.org</a></a>> wrote:<br>
>> >><br>
>> >> On Tue, Dec 08, 2009 at 10:32:12AM -0800, John Panzer wrote:<br>
>> >><br>
>> >> > provide to RPs. If you send an endpoint URL to the RP instead of the<br>
>> >> > information itself, the RP can then retrieve it via a backchannel<br>
>> >> > (and<br>
>> >> > cache<br>
>> >> > it). If you have private data, use a capability URL with a token<br>
>> >> > that<br>
>> >> > allows read-only access.<br>
>> >><br>
>> >> Exactly. OpenID requests and responses are very chatty, and backchannel<br>
>> >> URLs could be an easy way to get around the 2k GET limit (the cost of<br>
>> >> course being additional time needed to make the additional HTTP<br>
>> >> requests).<br>
>> >><br>
>> >> I don't see any reason for backchannel URLs to be requested multiple<br>
>> >> times,<br>
>> >> so in addition to a request or response using strongly random nonces in<br>
>> >> the backchannel URLs, the backchannel URLs should be very short-lived,<br>
>> >> probably each side "SHOULD" allow a URL to be requested only once, and<br>
>> >> throw a 403/404 for subsequent requests.<br>
>> >><br>
>> >> Is there any draft of AX using backchannel URLs?<br>
>> >><br>
>> >> -Peter<br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > specs mailing list<br>
>> > <a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a><br>
>> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a><br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> --Breno<br>
>><br>
>> +1 (650) 214-1007 desk<br>
>> +1 (408) 212-0135 (Grand Central)<br>
>> MTV-41-3 : 383-A<br>
>> PST (GMT-8) / PDT(GMT-7)<br>
>> _______________________________________________<br>
>> specs mailing list<br>
>> <a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a><br>
>> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a><br>
><br>
><br>
><br>
> --<br>
> Chris Messina<br>
> Open Web Advocate<br>
><br>
> Personal: <a href="http://factoryjoe.com" target="_blank"><a href="http://factoryjoe.com">http://factoryjoe.com</a></a><br>
> Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"><a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a></a><br>
><br>
> Citizen Agency: <a href="http://citizenagency.com" target="_blank"><a href="http://citizenagency.com">http://citizenagency.com</a></a><br>
> Diso Project: <a href="http://diso-project.org" target="_blank"><a href="http://diso-project.org">http://diso-project.org</a></a><br>
> OpenID Foundation: <a href="http://openid.net" target="_blank"><a href="http://openid.net">http://openid.net</a></a><br>
><br>
> This email is: [ ] shareable [X] ask first [ ] private<br>
> _______________________________________________<br>
> specs mailing list<br>
> <a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a><br>
><br>
><br>
> _______________________________________________<br>
> specs mailing list<br>
> <a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a><br>
><br>
><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net"><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></a><br>
</div></div></blockquote></div><br></div></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>specs mailing list</span><br><span><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></span><br></div></blockquote></body></html>