I can't provide a totally worked out example. But there are a lot of attributes floating around -- including attributes on attributes, now -- and it seems like it would be useful and valuable to be able to package them up into semantically meaningful 'profiles' -- public contact information, private contact information, full read-only profile -- which you could provide to RPs.
+1
If you have private data, use a capability URL with a token that allows read-only access.
If you have a dynamic page there, you can even serve up different data sets to different tokens, transparently, so that 3rd parties *think* they are getting your full data even when you're actually withholding some from them.
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
