<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Avatars would definitely be huge. I can't tell you how frustrating it is as a user to update my avatar on all of the hundreds of sites I may encounter that require login.<div><br></div><div>Professionally, I've run into problems when bringing up Gravatar as a potential option... but again, that sets the bar so high that users are pretty unlikely to even go through that process.</div><div><br></div><div>Jonathan<br><div><br></div><div><br><div><div>On Dec 9, 2009, at 2:09 AM, Chris Messina wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div bgcolor="#FFFFFF"><div>+1. I think those are the basic profile building blocks for social software. The avatar is something we particularly need for openid. <br><br>Sent from my iPhone 2G</div><div><br>On Dec 8, 2009, at 22:06, John Panzer <<a href="mailto:john@johnpanzer.com">john@johnpanzer.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>For my use cases, the important things are, unscientifically,<div><br></div><div>1. Display name</div><div>2. Avatar / photo</div><div>3. Preferred link to human-readable online presence -- profile, blog, whatever strikes their fancy. <br> <div><br></div><div><br><br><div class="gmail_quote">On Tue, Dec 8, 2009 at 8:38 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com"></a><a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> I'm sure that the data is wildly out of date, but at the time the SREG<br> fields (<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank"></a><a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format">http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format</a>)<br> were based on looking at what a few hundred different sites were<br> asking for.<br> <br> I unscientifically think that the extremely common stuff is:<br> - Name<br> - Avatar / photo<br> - Email address<br> <br> Scientifically, we should actually put some effort into looking at<br> sign in pages again. :)<br> <font color="#888888"><br> --David<br> </font><div><div></div><div class="h5"><br> On Tue, Dec 8, 2009 at 7:59 PM, Jonathan Coffman<br> <<a href="mailto:jonathan.coffman@gmail.com"></a><a href="mailto:jonathan.coffman@gmail.com">jonathan.coffman@gmail.com</a>> wrote:<br> > Out of curiosity, beyond the email discussion below what are the primary<br> > metadata needs around the other major (PoCo) fields?<br> > Speaking to the use-cases I work off of here at PBS, I'm primarily concerned<br> > about emails being verified (and a signup date is also useful) and am most<br> > inclined to trust the OP (especially if it were a white-listed or otherwise<br> > vetted iDP).<br> > Jonathan<br> ><br> > On Dec 8, 2009, at 2:17 PM, Chris Messina wrote:<br> ><br> > Is it worth looking at how Facebook handles the passing of profile data? Or<br> > is their architecture/use case different?<br> ><br> > <a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank"></a><a href="http://wiki.developers.facebook.com/index.php/Users.getInfo">http://wiki.developers.facebook.com/index.php/Users.getInfo</a><br> > On Tue, Dec 8, 2009 at 11:08 AM, Breno de Medeiros <<a href="mailto:breno@google.com"></a><a href="mailto:breno@google.com">breno@google.com</a>> wrote:<br> >><br> >> On Tue, Dec 8, 2009 at 11:01 AM, John Panzer <<a href="mailto:jpanzer@google.com"></a><a href="mailto:jpanzer@google.com">jpanzer@google.com</a>> wrote:<br> >> > For "one-time" URLs, you'd probably want to allow for retries for a<br> >> > short<br> >> > period (or just allow it to be accessed for say 5m) which would have<br> >> > approximately the same level of protection.<br> >> > You could also imagine long-lived capabilities along the lines of OAuth<br> >> > tokens that allow RPs to repeatedly refresh the data as needed. (Better<br> >> > of<br> >> > course if they can subscribe to changes, but that's an implementation<br> >> > detail<br> >> > and definitely a separate spec.)<br> >> > Given that AX already supports requesting URL-valued data (e.g., profile<br> >> > photos) I think this just comes down to defining a fairly complicated<br> >> > data<br> >> > type for AX and passing a URL around.<br> >><br> >> A more lightweight alternative is to adopt an 'artifact' mode where<br> >> most of the OpenID assertion (request and response) can be passed in<br> >> the backchannel. That is a bit more difficult to implement but easier<br> >> to spec (because the existing URLs can be used) and more general<br> >> (compacts all extensions, not only AX).<br> >><br> >> > --<br> >> > John Panzer / Google<br> >> > <a href="mailto:jpanzer@google.com"></a><a href="mailto:jpanzer@google.com">jpanzer@google.com</a> / <a href="http://abstractioneer.org" target="_blank"></a><a href="http://abstractioneer.org">abstractioneer.org</a> / @jpanzer<br> >> ><br> >> ><br> >> ><br> >> > On Tue, Dec 8, 2009 at 10:57 AM, Peter Watkins <<a href="mailto:peterw@tux.org"></a><a href="mailto:peterw@tux.org">peterw@tux.org</a>> wrote:<br> >> >><br> >> >> On Tue, Dec 08, 2009 at 10:32:12AM -0800, John Panzer wrote:<br> >> >><br> >> >> > provide to RPs. If you send an endpoint URL to the RP instead of the<br> >> >> > information itself, the RP can then retrieve it via a backchannel<br> >> >> > (and<br> >> >> > cache<br> >> >> > it). If you have private data, use a capability URL with a token<br> >> >> > that<br> >> >> > allows read-only access.<br> >> >><br> >> >> Exactly. OpenID requests and responses are very chatty, and backchannel<br> >> >> URLs could be an easy way to get around the 2k GET limit (the cost of<br> >> >> course being additional time needed to make the additional HTTP<br> >> >> requests).<br> >> >><br> >> >> I don't see any reason for backchannel URLs to be requested multiple<br> >> >> times,<br> >> >> so in addition to a request or response using strongly random nonces in<br> >> >> the backchannel URLs, the backchannel URLs should be very short-lived,<br> >> >> probably each side "SHOULD" allow a URL to be requested only once, and<br> >> >> throw a 403/404 for subsequent requests.<br> >> >><br> >> >> Is there any draft of AX using backchannel URLs?<br> >> >><br> >> >> -Peter<br> >> ><br> >> ><br> >> > _______________________________________________<br> >> > specs mailing list<br> >> > <a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> >> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> >> ><br> >> ><br> >><br> >><br> >><br> >> --<br> >> --Breno<br> >><br> >> +1 (650) 214-1007 desk<br> >> +1 (408) 212-0135 (Grand Central)<br> >> MTV-41-3 : 383-A<br> >> PST (GMT-8) / PDT(GMT-7)<br> >> _______________________________________________<br> >> specs mailing list<br> >> <a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> >> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> ><br> > --<br> > Chris Messina<br> > Open Web Advocate<br> ><br> > Personal: <a href="http://factoryjoe.com" target="_blank"></a><a href="http://factoryjoe.com">http://factoryjoe.com</a><br> > Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"></a><a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a><br> ><br> > Citizen Agency: <a href="http://citizenagency.com" target="_blank"></a><a href="http://citizenagency.com">http://citizenagency.com</a><br> > Diso Project: <a href="http://diso-project.org" target="_blank"></a><a href="http://diso-project.org">http://diso-project.org</a><br> > OpenID Foundation: <a href="http://openid.net" target="_blank"></a><a href="http://openid.net">http://openid.net</a><br> ><br> > This email is: [ ] shareable [X] ask first [ ] private<br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> _______________________________________________<br> specs mailing list<br> <a href="mailto:specs@lists.openid.net"></a><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> </div></div></blockquote></div><br></div></div> </div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>specs mailing list</span><br><span><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a></span><br><span><a href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></span><br></div></blockquote></div>_______________________________________________<br>specs mailing list<br><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>http://lists.openid.net/mailman/listinfo/openid-specs<br></blockquote></div><br></div></div></body></html>