Idea: up-to-date business card
Peter A Trotter
peter.trotter at gmail.com
Fri Mar 16 11:57:29 CET 2007
Interesting stuff,
I checked the draft for 1.1 out:
http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
As well as the main authentication specification. Also I signed up to an IdP
and signed up to the OpenID Wiki as a test.
Whilst OpenID is lovely stuff it does not at the moment seem appropriate for
use in the way we intend. Which is pretty much what I expected in the first
place. You have to authenticate every time you go to a site thereby proving
your identity. If this authentication is successful then the IdP sends the
authorised personal information back to the site you are logging into.
So the bit that clashes with what we require is the regular user
interaction.
It would be nice to have an automated extension that allows a request for
updated information from one verifiable OpenID to another.
E.G.
http://monkeyA.com (A) ---> logs into his OpenID server and allows
http://monkeyB.com (B) to see one of his personas.
B ---> adds A to his contacts. B's Pim application then contacts A's OpenID
server for details
A's OpenID server contacts B's OpenID server requiring B to authenticate.
Now that A's OpenID server has authenticated B it sends A's persona to B's
Pim application.
I'm pretty sure there is no facility for this now. It would need to have
security aspects checked and likely be an extension to the OpenID server.
Initially it seems reasonable that if B can be authenticated and A has
agreed to share a persona...
Do you think this is worth pursuing with the people at OpenID?
-Pete
On 15/03/07, Pius A. Uzamere II <pius at alum.mit.edu> wrote:
>
> Hi there,
>
> The latest OpenID spec provides for this using the Simple Registration
> (SReg) extension. This functionality is optional for consumers and servers
> to implement. See
> http://openid.net/specs/openid-simple-registration-extension-1_0.html#response_formatfor more information.
>
> Cheers,
> Pius
>
> On 3/15/07, Steven ** <montgoss+openmokocommunity at gmail.com> wrote:
> >
> > I agree on the OpenID thing. I just got my OpenID created a couple of
> > weeks ago. It's nice not relying on any one company to store you
> > information.
> >
> > Does the OpenID spec allow for storing additional information besides
> > just your password?
> >
> > -Steven
> >
> > On 3/15/07, Peter A Trotter <peter.trotter at gmail.com> wrote:
> > > It would be ideal trying to tie this in with OpenID authentication.
> > I've not
> > > really had time to think this through fully but basically you would be
> > > replacing the one big store (Plaxo) with a distributed model.
> > >
> > > I was about to flesh that out a little but I think everyone can see
> > where I
> > > am going. PIM app on phone updates contact info when required / when
> > cheap
> > > connection is available.
> > >
> > > I need to research OpenID a bit more but I'm thinking this may be a no
> > go
> > > because you'd probably need to re authenticate to update information.
> > >
> > > Seems my brain is not really working yet this morning. I think I need
> > more
> > > information and less speculation. I leave this as food for thought...
> > >
> > > -Pete
> >
> > _______________________________________________
> > OpenMoko community mailing list
> > community at lists.openmoko.org
> > http://lists.openmoko.org/mailman/listinfo/community
> >
>
>
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openmoko.org/pipermail/community/attachments/20070316/7398f0ad/attachment.htm
More information about the community
mailing list
