Exchanging attributes, but not with indirect communication...
3 views
Skip to first unread message
zellyn
May 5, 2008, 12:12:05 PM5/5/08
to axschema
Please direct me to the correct place for these questions if this
isn't it - they're not schema-related, but I didn't see an attribute-
exchange specific mailing list.
1. Is there a way for RPs to make direct connections to OPs to
retrieve or store attributes? I see that the OP can push updated
attributes out to RPs, but I see no way for OPs to retrieve or store
attributes outside of indirect communication used during the "login
dance". For my use case, I can only get an SSL cert for the OP, not
the RP, so I'd like to fetch the AX attributes over https, by having
the RP request them directly after the indirect-communication login
dance is over. Otherwise the OP would be posting name, address, etc.
back over an unsecured channel. I can certainly make non-OpenID
fetches from the RP to OP after the login dance is over, but I'd like
to keep everything OpenID+AX.
2. Alternatively, how about encrypting the exchanged attributes? I
guess this might be more of an OpenID extension question, not specific
to the AX extension.
Any ideas?
Thanks,
Zellyn Hunter
Atlanta Journal-Constitution - ajc.com
isn't it - they're not schema-related, but I didn't see an attribute-
exchange specific mailing list.
1. Is there a way for RPs to make direct connections to OPs to
retrieve or store attributes? I see that the OP can push updated
attributes out to RPs, but I see no way for OPs to retrieve or store
attributes outside of indirect communication used during the "login
dance". For my use case, I can only get an SSL cert for the OP, not
the RP, so I'd like to fetch the AX attributes over https, by having
the RP request them directly after the indirect-communication login
dance is over. Otherwise the OP would be posting name, address, etc.
back over an unsecured channel. I can certainly make non-OpenID
fetches from the RP to OP after the login dance is over, but I'd like
to keep everything OpenID+AX.
2. Alternatively, how about encrypting the exchanged attributes? I
guess this might be more of an OpenID extension question, not specific
to the AX extension.
Any ideas?
Thanks,
Zellyn Hunter
Atlanta Journal-Constitution - ajc.com
Reply all
Reply to author
Forward
0 new messages