Hi Jonathan,<div><br></div><div>I haven't seen you before around here. My apologies. I may have missed your earlier posts. Can you please explain how avatars (or gravatars) are related to OpenID?</div><div><br></div><div>
Thanks</div><div>Santosh<br><br><div class="gmail_quote">On Wed, Dec 9, 2009 at 6:47 PM, Jonathan Coffman <span dir="ltr"><<a href="mailto:jonathan.coffman@gmail.com">jonathan.coffman@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word">Avatars would definitely be huge. I can't tell you how frustrating it is as a user to update my avatar on all of the hundreds of sites I may encounter that require login.<div>
<br></div><div>Professionally, I've run into problems when bringing up Gravatar as a potential option... but again, that sets the bar so high that users are pretty unlikely to even go through that process.</div><div><br>
</div><div><font color="#888888">Jonathan</font><div><div></div><div class="h5"><br><div><br></div><div><br><div><div>On Dec 9, 2009, at 2:09 AM, Chris Messina wrote:</div><br><blockquote type="cite"><div bgcolor="#FFFFFF">
<div>+1. I think those are the basic profile building blocks for social software. The avatar is something we particularly need for openid. <br><br>Sent from my iPhone 2G</div><div><br>On Dec 8, 2009, at 22:06, John Panzer <<a href="mailto:john@johnpanzer.com" target="_blank">john@johnpanzer.com</a>> wrote:<br>
<br></div><div></div><blockquote type="cite"><div>For my use cases, the important things are, unscientifically,<div><br></div><div>1. Display name</div><div>2. Avatar / photo</div><div>3. Preferred link to human-readable online presence -- profile, blog, whatever strikes their fancy. <br>
<div><br></div><div><br><br><div class="gmail_quote">On Tue, Dec 8, 2009 at 8:38 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com" target="_blank"></a><a href="mailto:recordond@gmail.com" target="_blank">recordond@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I'm sure that the data is wildly out of date, but at the time the SREG<br> fields (<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank"></a><a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank">http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format</a>)<br>
were based on looking at what a few hundred different sites were<br> asking for.<br> <br> I unscientifically think that the extremely common stuff is:<br> - Name<br> - Avatar / photo<br> - Email address<br> <br> Scientifically, we should actually put some effort into looking at<br>
sign in pages again. :)<br> <font color="#888888"><br> --David<br> </font><div><div></div><div><br> On Tue, Dec 8, 2009 at 7:59 PM, Jonathan Coffman<br> <<a href="mailto:jonathan.coffman@gmail.com" target="_blank"></a><a href="mailto:jonathan.coffman@gmail.com" target="_blank">jonathan.coffman@gmail.com</a>> wrote:<br>
> Out of curiosity, beyond the email discussion below what are the primary<br> > metadata needs around the other major (PoCo) fields?<br> > Speaking to the use-cases I work off of here at PBS, I'm primarily concerned<br>
> about emails being verified (and a signup date is also useful) and am most<br> > inclined to trust the OP (especially if it were a white-listed or otherwise<br> > vetted iDP).<br> > Jonathan<br> ><br> > On Dec 8, 2009, at 2:17 PM, Chris Messina wrote:<br>
><br> > Is it worth looking at how Facebook handles the passing of profile data? Or<br> > is their architecture/use case different?<br> ><br> > <a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank"></a><a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank">http://wiki.developers.facebook.com/index.php/Users.getInfo</a><br>
> On Tue, Dec 8, 2009 at 11:08 AM, Breno de Medeiros <<a href="mailto:breno@google.com" target="_blank"></a><a href="mailto:breno@google.com" target="_blank">breno@google.com</a>> wrote:<br> >><br> >> On Tue, Dec 8, 2009 at 11:01 AM, John Panzer <<a href="mailto:jpanzer@google.com" target="_blank"></a><a href="mailto:jpanzer@google.com" target="_blank">jpanzer@google.com</a>> wrote:<br>
>> > For "one-time" URLs, you'd probably want to allow for retries for a<br> >> > short<br> >> > period (or just allow it to be accessed for say 5m) which would have<br> >> > approximately the same level of protection.<br>
>> > You could also imagine long-lived capabilities along the lines of OAuth<br> >> > tokens that allow RPs to repeatedly refresh the data as needed. (Better<br> >> > of<br> >> > course if they can subscribe to changes, but that's an implementation<br>
>> > detail<br> >> > and definitely a separate spec.)<br> >> > Given that AX already supports requesting URL-valued data (e.g., profile<br> >> > photos) I think this just comes down to defining a fairly complicated<br>
>> > data<br> >> > type for AX and passing a URL around.<br> >><br> >> A more lightweight alternative is to adopt an 'artifact' mode where<br> >> most of the OpenID assertion (request and response) can be passed in<br>
>> the backchannel. That is a bit more difficult to implement but easier<br> >> to spec (because the existing URLs can be used) and more general<br> >> (compacts all extensions, not only AX).<br> >><br>
>> > --<br> >> > John Panzer / Google<br> >> > <a href="mailto:jpanzer@google.com" target="_blank"></a><a href="mailto:jpanzer@google.com" target="_blank">jpanzer@google.com</a> / <a href="http://abstractioneer.org" target="_blank"></a><a href="http://abstractioneer.org" target="_blank">abstractioneer.org</a> / @jpanzer<br>
>> ><br> >> ><br> >> ><br> >> > On Tue, Dec 8, 2009 at 10:57 AM, Peter Watkins <<a href="mailto:peterw@tux.org" target="_blank"></a><a href="mailto:peterw@tux.org" target="_blank">peterw@tux.org</a>> wrote:<br>
>> >><br> >> >> On Tue, Dec 08, 2009 at 10:32:12AM -0800, John Panzer wrote:<br> >> >><br> >> >> > provide to RPs. If you send an endpoint URL to the RP instead of the<br>
>> >> > information itself, the RP can then retrieve it via a backchannel<br> >> >> > (and<br> >> >> > cache<br> >> >> > it). If you have private data, use a capability URL with a token<br>
>> >> > that<br> >> >> > allows read-only access.<br> >> >><br> >> >> Exactly. OpenID requests and responses are very chatty, and backchannel<br> >> >> URLs could be an easy way to get around the 2k GET limit (the cost of<br>
>> >> course being additional time needed to make the additional HTTP<br> >> >> requests).<br> >> >><br> >> >> I don't see any reason for backchannel URLs to be requested multiple<br>
>> >> times,<br> >> >> so in addition to a request or response using strongly random nonces in<br> >> >> the backchannel URLs, the backchannel URLs should be very short-lived,<br> >> >> probably each side "SHOULD" allow a URL to be requested only once, and<br>
>> >> throw a 403/404 for subsequent requests.<br> >> >><br> >> >> Is there any draft of AX using backchannel URLs?<br> >> >><br> >> >> -Peter<br> >> ><br>
>> ><br> >> > _______________________________________________<br> >> > specs mailing list<br> >> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
>> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
>> ><br> >> ><br> >><br> >><br> >><br> >> --<br> >> --Breno<br> >><br> >> +1 (650) 214-1007 desk<br> >> +1 (408) 212-0135 (Grand Central)<br> >> MTV-41-3 : 383-A<br>
>> PST (GMT-8) / PDT(GMT-7)<br> >> _______________________________________________<br> >> specs mailing list<br> >> <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
>> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
><br> ><br> ><br> > --<br> > Chris Messina<br> > Open Web Advocate<br> ><br> > Personal: <a href="http://factoryjoe.com" target="_blank"></a><a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br>
> Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"></a><a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br> ><br> > Citizen Agency: <a href="http://citizenagency.com" target="_blank"></a><a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br>
> Diso Project: <a href="http://diso-project.org" target="_blank"></a><a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br> > OpenID Foundation: <a href="http://openid.net" target="_blank"></a><a href="http://openid.net" target="_blank">http://openid.net</a><br>
><br> > This email is: [ ] shareable [X] ask first [ ] private<br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
><br> ><br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
><br> ><br> _______________________________________________<br> specs mailing list<br> <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</div></div></blockquote></div><br></div></div> </div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>specs mailing list</span><br><span><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a></span><br>
<span><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a></span><br></div></blockquote></div>_______________________________________________<br>
specs mailing list<br><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</blockquote></div><br></div></div></div></div></div><br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>
</div>