On 3-Apr-07, at 9:18 AM, Anders Feder wrote: > * The RP can't know the status of the information it is working with - > it just have to assume that the attributes it has in store are up- > to-date.
The RP can send an "update_url" to the OP when it fetches the attributes, so it will get new values when the user changes them at the OP. > * If an OP fails to update an attribute, the RP will never know - no > fall-backs can be implemented. Fails when? On a Store request? > * The OP must donate storage space to support the distribution of > information to RP's it has no direct interest in. A malicious RP may > even exploit this storage space for own purposes. Not sure I understand this. OP's normally would not have interest in any particular RPs the User has interest in RPs :) Although it is up to the individual OP to set rules about who it wants to talk to. > * Attributes are not easily referenced to, say, sub-contractors of an > RP. The model impose limits upon the complexity of the services > that may > be derived from it. You're free to publish the RDF for the attributes you support... then they are reference-able aren't they? -Rowan _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs