On 21 Jan 2010, at 09:50, Story Henry wrote: > On 21 Jan 2010, at 09:07, Melvin Carvalho wrote: > >>> A longer term and more scalable approach would be to define an Artifact >>> Binding for OpenID - where an artifact (aka a short token) is returned to >>> the RP in lieu of the AX data. The RP then makes a backend direct server >>> call back to the OP with the Artifact to get the actual data. Only the >>> artifact is sent on the browser redirect. > > This sounds like what I was suggesting in "Making OpenId RESTful" [1] that > started this thread. > > Essentially the OpenId provider returns a URL as part of the attribute > exchange that goes through the user's browser. The intent of that URL is that > it point to a resource where more information about the user is located. > This URL could indeed be a bitly url. > >> Interesting idea, though it adds another connection, it may be worth it. In >> this case you could be agnostic of the data format, returning key/value >> pairs, FOAF/RDF or ATOM as necessary. > > Indeed the web server at that URL can do content negotiation to serve back > the URL most desired by the client (The Relying party in this case)
I meant: "Indeed the web server serving up content for that URL - owned by the IDP, but not necessarily - can do content negotiation to serve back a representation most desired by the client (The Relying party in this case)" > > Henry > > > [1] > http://lists.foaf-project.org/pipermail/foaf-protocols/2010-January/001477.html _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
