[foaf-protocols] [OpenID] making OpenId RESTful
henry.story at bblfish.net
Thu Jan 21 11:06:05 CET 2010
On 21 Jan 2010, at 09:50, Story Henry wrote:
> On 21 Jan 2010, at 09:07, Melvin Carvalho wrote:
>>> A longer term and more scalable approach would be to define an Artifact
>>> Binding for OpenID - where an artifact (aka a short token) is returned to
>>> the RP in lieu of the AX data. The RP then makes a backend direct server
>>> call back to the OP with the Artifact to get the actual data. Only the
>>> artifact is sent on the browser redirect.
> This sounds like what I was suggesting in "Making OpenId RESTful"  that started this thread.
> Essentially the OpenId provider returns a URL as part of the attribute exchange that goes through the user's browser. The intent of that URL is that it point to a resource where more information about the user is located. This URL could indeed be a bitly url.
>> Interesting idea, though it adds another connection, it may be worth it. In
>> this case you could be agnostic of the data format, returning key/value
>> pairs, FOAF/RDF or ATOM as necessary.
> Indeed the web server at that URL can do content negotiation to serve back the URL most desired by the client (The Relying party in this case)
"Indeed the web server serving up content for that URL - owned by the IDP, but not necessarily - can do content negotiation to serve back a representation most desired by the client (The Relying party in this case)"
>  http://lists.foaf-project.org/pipermail/foaf-protocols/2010-January/001477.html
More information about the foaf-protocols