<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Santosh, you're absolutely right, the Gravatar service doesn't actually have anything to do with OpenID -- but rather is the best example I can find of making profile pictures even remotely portable between sites. <div><br></div><div>What I was trying to get across was that I think it would be worthwhile to think about how something like AX might in the future be able to support transporting information about the user's preferred profile pic alongside the rest of their information.<div><br></div><div>Jonathan<br><div><br></div><div><br><div><div>On Dec 9, 2009, at 9:52 AM, Santosh Rajan wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Hi Jonathan,<div><br></div><div>I haven't seen you before around here. My apologies. I may have missed your earlier posts. Can you please explain how avatars (or gravatars) are related to OpenID?</div><div><br></div><div> Thanks</div><div>Santosh<br><br><div class="gmail_quote">On Wed, Dec 9, 2009 at 6:47 PM, Jonathan Coffman <span dir="ltr"><<a href="mailto:jonathan.coffman@gmail.com">jonathan.coffman@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word">Avatars would definitely be huge. I can't tell you how frustrating it is as a user to update my avatar on all of the hundreds of sites I may encounter that require login.<div> <br></div><div>Professionally, I've run into problems when bringing up Gravatar as a potential option... but again, that sets the bar so high that users are pretty unlikely to even go through that process.</div><div><br> </div><div><font color="#888888">Jonathan</font><div><div></div><div class="h5"><br><div><br></div><div><br><div><div>On Dec 9, 2009, at 2:09 AM, Chris Messina wrote:</div><br><blockquote type="cite"><div bgcolor="#FFFFFF"> <div>+1. I think those are the basic profile building blocks for social software. The avatar is something we particularly need for openid. <br><br>Sent from my iPhone 2G</div><div><br>On Dec 8, 2009, at 22:06, John Panzer <<a href="mailto:john@johnpanzer.com" target="_blank">john@johnpanzer.com</a>> wrote:<br> <br></div><div></div><blockquote type="cite"><div>For my use cases, the important things are, unscientifically,<div><br></div><div>1. Display name</div><div>2. Avatar / photo</div><div>3. Preferred link to human-readable online presence -- profile, blog, whatever strikes their fancy. <br> <div><br></div><div><br><br><div class="gmail_quote">On Tue, Dec 8, 2009 at 8:38 PM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com" target="_blank"></a><a href="mailto:recordond@gmail.com" target="_blank">recordond@gmail.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I'm sure that the data is wildly out of date, but at the time the SREG<br> fields (<a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank"></a><a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format" target="_blank">http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_format</a>)<br> were based on looking at what a few hundred different sites were<br> asking for.<br> <br> I unscientifically think that the extremely common stuff is:<br> - Name<br> - Avatar / photo<br> - Email address<br> <br> Scientifically, we should actually put some effort into looking at<br> sign in pages again. :)<br> <font color="#888888"><br> --David<br> </font><div><div></div><div><br> On Tue, Dec 8, 2009 at 7:59 PM, Jonathan Coffman<br> <<a href="mailto:jonathan.coffman@gmail.com" target="_blank"></a><a href="mailto:jonathan.coffman@gmail.com" target="_blank">jonathan.coffman@gmail.com</a>> wrote:<br> > Out of curiosity, beyond the email discussion below what are the primary<br> > metadata needs around the other major (PoCo) fields?<br> > Speaking to the use-cases I work off of here at PBS, I'm primarily concerned<br> > about emails being verified (and a signup date is also useful) and am most<br> > inclined to trust the OP (especially if it were a white-listed or otherwise<br> > vetted iDP).<br> > Jonathan<br> ><br> > On Dec 8, 2009, at 2:17 PM, Chris Messina wrote:<br> ><br> > Is it worth looking at how Facebook handles the passing of profile data? Or<br> > is their architecture/use case different?<br> ><br> > <a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank"></a><a href="http://wiki.developers.facebook.com/index.php/Users.getInfo" target="_blank">http://wiki.developers.facebook.com/index.php/Users.getInfo</a><br> > On Tue, Dec 8, 2009 at 11:08 AM, Breno de Medeiros <<a href="mailto:breno@google.com" target="_blank"></a><a href="mailto:breno@google.com" target="_blank">breno@google.com</a>> wrote:<br> >><br> >> On Tue, Dec 8, 2009 at 11:01 AM, John Panzer <<a href="mailto:jpanzer@google.com" target="_blank"></a><a href="mailto:jpanzer@google.com" target="_blank">jpanzer@google.com</a>> wrote:<br> >> > For "one-time" URLs, you'd probably want to allow for retries for a<br> >> > short<br> >> > period (or just allow it to be accessed for say 5m) which would have<br> >> > approximately the same level of protection.<br> >> > You could also imagine long-lived capabilities along the lines of OAuth<br> >> > tokens that allow RPs to repeatedly refresh the data as needed. (Better<br> >> > of<br> >> > course if they can subscribe to changes, but that's an implementation<br> >> > detail<br> >> > and definitely a separate spec.)<br> >> > Given that AX already supports requesting URL-valued data (e.g., profile<br> >> > photos) I think this just comes down to defining a fairly complicated<br> >> > data<br> >> > type for AX and passing a URL around.<br> >><br> >> A more lightweight alternative is to adopt an 'artifact' mode where<br> >> most of the OpenID assertion (request and response) can be passed in<br> >> the backchannel. That is a bit more difficult to implement but easier<br> >> to spec (because the existing URLs can be used) and more general<br> >> (compacts all extensions, not only AX).<br> >><br> >> > --<br> >> > John Panzer / Google<br> >> > <a href="mailto:jpanzer@google.com" target="_blank"></a><a href="mailto:jpanzer@google.com" target="_blank">jpanzer@google.com</a> / <a href="http://abstractioneer.org" target="_blank"></a><a href="http://abstractioneer.org" target="_blank">abstractioneer.org</a> / @jpanzer<br> >> ><br> >> ><br> >> ><br> >> > On Tue, Dec 8, 2009 at 10:57 AM, Peter Watkins <<a href="mailto:peterw@tux.org" target="_blank"></a><a href="mailto:peterw@tux.org" target="_blank">peterw@tux.org</a>> wrote:<br> >> >><br> >> >> On Tue, Dec 08, 2009 at 10:32:12AM -0800, John Panzer wrote:<br> >> >><br> >> >> > provide to RPs. If you send an endpoint URL to the RP instead of the<br> >> >> > information itself, the RP can then retrieve it via a backchannel<br> >> >> > (and<br> >> >> > cache<br> >> >> > it). If you have private data, use a capability URL with a token<br> >> >> > that<br> >> >> > allows read-only access.<br> >> >><br> >> >> Exactly. OpenID requests and responses are very chatty, and backchannel<br> >> >> URLs could be an easy way to get around the 2k GET limit (the cost of<br> >> >> course being additional time needed to make the additional HTTP<br> >> >> requests).<br> >> >><br> >> >> I don't see any reason for backchannel URLs to be requested multiple<br> >> >> times,<br> >> >> so in addition to a request or response using strongly random nonces in<br> >> >> the backchannel URLs, the backchannel URLs should be very short-lived,<br> >> >> probably each side "SHOULD" allow a URL to be requested only once, and<br> >> >> throw a 403/404 for subsequent requests.<br> >> >><br> >> >> Is there any draft of AX using backchannel URLs?<br> >> >><br> >> >> -Peter<br> >> ><br> >> ><br> >> > _______________________________________________<br> >> > specs mailing list<br> >> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> >> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> >> ><br> >> ><br> >><br> >><br> >><br> >> --<br> >> --Breno<br> >><br> >> +1 (650) 214-1007 desk<br> >> +1 (408) 212-0135 (Grand Central)<br> >> MTV-41-3 : 383-A<br> >> PST (GMT-8) / PDT(GMT-7)<br> >> _______________________________________________<br> >> specs mailing list<br> >> <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> >> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> ><br> > --<br> > Chris Messina<br> > Open Web Advocate<br> ><br> > Personal: <a href="http://factoryjoe.com" target="_blank"></a><a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br> > Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank"></a><a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br> ><br> > Citizen Agency: <a href="http://citizenagency.com" target="_blank"></a><a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br> > Diso Project: <a href="http://diso-project.org" target="_blank"></a><a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br> > OpenID Foundation: <a href="http://openid.net" target="_blank"></a><a href="http://openid.net" target="_blank">http://openid.net</a><br> ><br> > This email is: [ ] shareable [X] ask first [ ] private<br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> > _______________________________________________<br> > specs mailing list<br> > <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> > <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> ><br> ><br> _______________________________________________<br> specs mailing list<br> <a href="mailto:specs@lists.openid.net" target="_blank"></a><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank"></a><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> </div></div></blockquote></div><br></div></div> </div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>specs mailing list</span><br><span><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a></span><br> <span><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a></span><br></div></blockquote></div>_______________________________________________<br> specs mailing list<br><a href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> </blockquote></div><br></div></div></div></div></div><br>_______________________________________________<br> specs mailing list<br> <a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br> <br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br> </div></blockquote></div><br></div></div></div></body></html>