[foaf-protocols] [OpenID] making OpenId RESTful

Story Henry henry.story at bblfish.net
Thu Jan 21 11:06:05 CET 2010


On 21 Jan 2010, at 09:50, Story Henry wrote:

> On 21 Jan 2010, at 09:07, Melvin Carvalho wrote:
> 
>>> A longer term and more scalable approach would be to define an Artifact
>>> Binding for OpenID - where an artifact (aka a short token) is returned to
>>> the RP in lieu of the AX data. The RP then makes a backend direct server
>>> call back to the OP with the Artifact to get the actual data. Only the
>>> artifact is sent on the browser redirect.
> 
> This sounds like what I was suggesting in "Making OpenId RESTful" [1] that started this thread.
> 
> Essentially the OpenId provider returns a URL as part of the attribute exchange that goes through the user's browser. The intent of that URL is that it point to a resource where  more information about the user is located. This URL could indeed be a bitly url. 
> 
>> Interesting idea, though it adds another connection, it may be worth it.  In
>> this case you could be agnostic of the data format, returning key/value
>> pairs, FOAF/RDF or ATOM as necessary.
> 
> Indeed the web server at that URL can do content negotiation to serve back the URL most desired by the client (The Relying party in this case)

I meant:

"Indeed the web server serving up content for that URL - owned by the IDP, but not necessarily -  can do content negotiation to serve back a representation most desired by the client (The Relying party in this case)"


> 
> 	Henry
> 
> 
> [1] http://lists.foaf-project.org/pipermail/foaf-protocols/2010-January/001477.html



More information about the foaf-protocols mailing list