I can't provide a totally worked out example. But there are a lot of attributes floating around -- including attributes on attributes, now -- and it seems like it would be useful and valuable to be able to package them up into semantically meaningful 'profiles' -- public contact information, private contact information, full read-only profile -- which you could provide to RPs. If you send an endpoint URL to the RP instead of the information itself, the RP can then retrieve it via a backchannel (and cache it). If you have private data, use a capability URL with a token that allows read-only access.
Then you have much more freedom in how to represent the data on the other end -- you can use PoCo or AX name/value pairs -- and you're not limited to 2K or a bad user experience. Plus, you can access the same information the same way even if not using an OpenID session to kick off the attribute exchange.

--
John Panzer / Google
[email protected] / abstractioneer.org / @jpanzer

On Mon, Dec 7, 2009 at 8:43 PM, Chris Messina <[email protected]> wrote:

> Can you provide an example?
>
>
> On Mon, Dec 7, 2009 at 8:42 PM, John Panzer <[email protected]> wrote:
>
>> Would a single capability URL to a PoCo endpoint for the user - a
>> single attribute - be a reasonable idea?
>>
>> On Monday, December 7, 2009, Chris Messina <[email protected]> wrote:
>> > Sounds like something to add to PoCo... perhaps something as simple as a
>> > "verified" boolean added to email addresses?
>> > http://portablecontacts.net/draft-schema.html#anchor4
>> >
>> > Chris
>> >
>> > On Mon, Dec 7, 2009 at 8:25 PM, Brian Kissel <[email protected]> wrote:
>> >
>> > +1 on email address metadata, many RPs definitely want this.
>> >
>> > Cheers,
>> >
>> > Brian
>> > ___________
>> >
>> > Brian Kissel
>> > CEO, JanRain - WebID and Social Publishing for User Engagement
>> > Email: [email protected] Cell: 503.866.4424 Fax: 503.296.5502
>> >
>> >
>> > -----Original Message-----
>> > From: [email protected] [mailto:[email protected]] On Behalf Of Allen Tom
>> > Sent: Monday, December 07, 2009 7:46 PM
>> > To: Peter Watkins; Chris Obdam; [email protected]
>> > Subject: Re: Yahoo available AX attrs
>> >
>> > Oops - I clicked send too early.
>> >
>> > The bad UX with AX is the security warning that most browsers display when
>> > POSTing a form from HTTPS to HTTP, which is the case when the Yahoo OP
>> > returns a lot of attributes. AX attribute names are excessively long, so
>> > it's very likely that using different attribute names for first/last/middle
>> > name will cause the response to be returned via POST. (2KB is the cutoff
>> > point)
>> >
>> > With regards to email address - unless we're 100% sure about the email
>> > address, we'd like to return metadata about the email address. Specifically,
>> > we'd like to indicate whether or not the email address was verified, and if
>> > so, when it was verified. This is definitely something that we'd like to get
>> > into AX 2.0.
>> >
>> > Allen
>> >
>> >
>> >
>> > On 12/7/09 7:39 PM, "Allen Tom" <[email protected]> wrote:
>> >
>> >> It definitely makes sense to use different attributes for givenname/surname
>> >> so that RPs don't have to parse the string, and a few other RPs have also
>> >> asked for it. Our initial goal for our AX implementation was just to match
>> >> SREG, and SREG only has a single openid.sreg.fullname attribute.
>> >>
>> >> We'll add support for separate first/last/middle/suffix attributes in a
>> >> followup release - probably early next year. I do hope that we're able to
>> >> standardize the attribute names, and also keep them short and compact. If you
>> >> ask for all our supported attributes, the response will exceed 2KB, which
>> >> requires that the response is returned via POST, causing a really bad UX.
>> >>
>> >> With regards to email address - we'd like to be able to return metadata about
>> >> the email address w
>> >>
>> >>
>> >>
>> >> On 12/7/09 7:25 AM, "Peter Watkins" <[email protected]> wrote:
>> >>
>> >>> On Mon, Dec 07, 2009 at 09:16:46AM +0100, Chris Obdam wrote:
>> >>>>> Chris (Obdam) - which additional attributes would you like to see
>> >>>>> available? The attributes that we'll be adding early next year will include
>> >>>>> Yahoo Profile URL and account creation date. A bunch of people have asked
>> >>>>> for Flickr Photos URL and Upcoming Profile URL, so we'll probably get
>> >>>>> around to adding those too.
>> >>>> I would like to access every attr specified in the AX schema? :-)
>> >>>>
>> >>>> In my Yahoo profile I have provided my address (home and work). I would like
>> >>>> to use those in a sign form somewhere else.
>> >>>> Same goes for my phone numbers.
>> >>>
>> >>> So would I. One of the simpler goals of our Single Sign On is prepopulating
>> >>> form fields; having postal address and phone number would be a help.
>> >>>
>> >>> I'd also like to see First and Last names available as separate attributes,
>> >>> otherwise we're trying to intelligently split both "Mary Jane Parker" and
>> >>> "Malcom Mac Murray".
>> >>>
>> >>> Also I would prefer that you give us the user's *primary* email address. In
>> >>> my Yahoo profile, my Yahoo email address is flagged as "Share with no one"
>> >>> and I have a different email address flagged as primary, but your AX sends
>> >>> my yahoo email address. Th--
>> > Chris Messina
>> > Open Web Advocate
>> >
>> > Personal: http://factoryjoe.com
>> > Follow me on Twitter: http://twitter.com/chrismessina
>> >
>> > Citizen Agency: http://citizenagency.com
>> > Diso Project: http://diso-project.org
>> > OpenID Foundation: http://openid.net
>> >
>> > This email is: [ ] shareable [X] ask first [ ] private
>> >
>> >
>>
>> --
>> --
>> John Panzer / Google
>> [email protected] / abstractioneer.org / @jpanzer
>>
>
>
>
> --
> Chris Messina
> Open Web Advocate
>
> Personal: http://factoryjoe.com
> Follow me on Twitter: http://twitter.com/chrismessina
>
> Citizen Agency: http://citizenagency.com
> Diso Project: http://diso-project.org
> OpenID Foundation: http://openid.net
>
> This email is: [ ] shareable [X] ask first [ ] private
>
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
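
The capability-URL idea from the top message, as an added sketch that is not code from anyone in the thread: the OP mints one unguessable HTTPS URL per profile, sends only that URL to the RP, and answers the RP's backchannel request with a read-only, field-filtered PoCo-style record. The profile names, field sets, `ProfileCapabilities` class, URL layout and sample record are assumptions made for illustration.

```python
import hashlib
import secrets

# Hypothetical profile names mapped to PoCo-style field names (assumed for this sketch).
PROFILES = {
    "public-contact": {"displayName", "urls"},
    "private-contact": {"displayName", "urls", "emails", "phoneNumbers"},
}

class ProfileCapabilities:
    """OP-side store of read-only capability URLs for profile endpoints."""

    def __init__(self, base_url, users):
        self.base_url = base_url      # must be HTTPS: the URL itself is the credential
        self.users = users            # user_id -> PoCo-style record
        self._grants = {}             # sha256(token) -> (user_id, profile)

    @staticmethod
    def _digest(url):
        token = url.rsplit("/", 1)[-1]
        return hashlib.sha256(token.encode()).hexdigest()

    def mint(self, user_id, profile):
        """Create the single URL that is sent to the RP instead of the attributes."""
        if profile not in PROFILES:
            raise ValueError("unknown profile")
        url = f"{self.base_url}/poco/{secrets.token_urlsafe(32)}"
        # Only a hash is stored, so a leaked grant table does not leak usable URLs.
        self._grants[self._digest(url)] = (user_id, profile)
        return url

    def revoke(self, url):
        self._grants.pop(self._digest(url), None)

    def handle(self, method, url):
        """Serve the RP's backchannel request; returns (status, body)."""
        if method != "GET":
            return 405, None          # the capability is read-only
        grant = self._grants.get(self._digest(url))
        if grant is None:
            return 404, None          # unknown or revoked token
        user_id, profile = grant
        record = self.users[user_id]
        return 200, {k: v for k, v in record.items() if k in PROFILES[profile]}

# Constructed sample record; "verified" is the email flag proposed in this thread.
USERS = {"u1": {"displayName": "Mary Jane Parker",
                "urls": [{"value": "https://profile.example/mj"}],
                "emails": [{"value": "mj@example.org", "verified": True}],
                "phoneNumbers": [{"value": "+1-555-0100"}]}}
```

Because the token in the URL is the only credential, the RP should keep it out of logs and Referer headers, and the OP should revoke it when the user withdraws consent.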
