Yes, in OpenID 2.0 the identifiers are optional so an extension could provide all the functionality. Eg . Attribute Exchange could be used to move attributes without authenticating.
-- Dick On 2009-08-13, at 7:34 AM, "James Henstridge" <[email protected]> wrote: > On Thu, Aug 13, 2009 at 8:05 AM, Nat Sakimura<[email protected]> > wrote: >> I blogged bout the subject here: >> http://www.sakimura.org/en/modules/wordpress/index.php?p=91 >> >> What would be the consensus here? > > My reading of the spec (and what I believe is the author's intent) is > that OpenID extensions do indeed piggyback on an authentication > request. The note about including the extension's type URI in XRDS is > a way that an OpenID provider can advertise support for the extension. > > Note that in OpenID 2.0, sending openid.identifier in an > authentication request is optional. So you could potentially use an > extension without actually authenticating as a particular user. From > section 9.1: > > """ > "openid.claimed_id" and "openid.identity" SHALL be either both present > or both absent. If neither value is present, the assertion is not > about an identifier, and will contain other information in its > payload, using extensions (Extensions). > """ > > James. > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
