Implemented OpenID... why?
jernst+lists.danga.com at netmesh.us
Sat Apr 29 03:46:00 UTC 2006

The Yadis idea is to augment the capabilities of OpenID with an open
and extensible set of additional services that, collectively, should
answer your question.

As you may know, this is the mailing list for both Yadis and OpenID.

OpenID sign-on -- like any other form of sign-on -- does exactly
that, and no more.
That's a feature, not a bug, because it means it's modular and not
too many things are packed into the same kitchen sink.

If you want relying parties to be able to obtain first and last name
etc. from the identity host, you need some mechanism for "profile"
exchange. You have several choices:

- string your own and advertise it in the Yadis file that goes with
  your OpenID URL, potentially re-using VCard / FOAF etc. (as you like)
- use the about-to-be defined simple registration service type,
  which may or may not be sufficient for what you have in mind
- use LID VCard queries (see http://lid.netmesh.org/ ), which is

Having choices again is a feature, not a bug: there is no agreement
so far in the industry whether the information should be pushed or
pulled (see the archives on this list, for example), whether it
should be XML or not, even what exactly constitutes a First and Last
Name (in some cultures). [I personally have an opinion, which is why
we did LID VCard queries, but you can find plenty of people who have
different ideas, I want to be fair ...]

Obtaining e-mail addresses may be another topic: for one, people
don't like to hand out e-mail addresses any more, certainly not to
some automated piece of software that may then pass them along to
"everybody" (the end user can't really tell). But it may be that your
requirement really isn't to get your users' e-mail addresses, but
that you can send them e-mail e.g. for something like notifying them
of price increases or decreases ;-) You can solve that requirement by
making e-mail address part of the "profile", or you can create a
different Yadis service for the same identity URL:
we did exactly that for mylid.net -- which hosts LID and OpenID
identity URLs -- and which allows URL owner A to send an
authenticated message to URL owner B. Authenticating through the same
SSO as if the client was a web browser instead of a script sending
messages. Maybe that's the protocol you are looking for? You can then
automatically verify that incoming messages were indeed sent by who
said sent them (no fake sender addresses, white / black / etc.
listing) and forward them to e-mail, for example.

So the short answer is: you are right.

However, that's why so many people on this list have been taking it
beyond OpenID to Yadis. And you found the community in which you can
contribute making sure that your requirements are being addressed ...
and you can build on their work, without being constrained by what
one vendor defined ex cathedra ;-)

If you are at IIW Monday-Wed, corner some of us who'll be there to

On Apr 28, 2006, at 19:42, Thom McGrath wrote:
> I just completed implementation of an OpenID server (this is home-
> grown, not a standard library). This was hard without a good
> tutorial and whatnot, but besides the point. I'm also planning on
> creating the consumer end. But then I ran into a logic issue: why?
> Since OpenID doesn't appear to share any user information at all,
> why on earth am I doing this. If I want to allow people to login to
> my site via OpenID, I still need to ask them for all the standard
> registration info, like name and e-mail. That seems very... useless.
> From openid.net: "There's no profile exchange component at all:
> your profile is your identity URL, but recipients of your identity
> can then learn more about you from any public, semantically
> interesting documents linked thereunder (FOAF, RSS, Atom, vCARD,
> Is there a defined API for second call for data, or are we on our
> own for that one? I mean, OpenID seems like a fantastic idea and
> implementation, but the process of actually *getting* to a user's
> data seems to be completely undefined. Am I wrong?
> Thom McGrath, <http://www.thezaz.com/>
> "You realize you've created God in your own image when God hates
> all the same people you do."
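
The first option in the reply (advertising a profile service in the Yadis file that goes with the OpenID URL), seen from the relying party's side. This is an added example, not code from the original thread or from the Yadis/OpenID projects. The profile service type URI, the host names and the https-only policy are assumptions made for illustration; the sign-on type URI is OpenID 1.x's.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"                      # XRD namespace used by Yadis documents
SIGNON = "http://openid.net/signon/1.0"            # OpenID 1.x sign-on service type
PROFILE = "http://example.org/yadis/profile/1.0"   # hypothetical profile service type

# Constructed sample Yadis document for an identity URL (not from the original post).
SAMPLE_XRDS = b"""<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://openid.net/signon/1.0</Type>
      <URI>https://idp.example.org/openid</URI>
    </Service>
    <Service priority="20">
      <Type>http://example.org/yadis/profile/1.0</Type>
      <URI>http://idp.example.org/profile</URI>
    </Service>
    <Service priority="30">
      <Type>http://example.org/yadis/profile/1.0</Type>
      <URI>https://idp.example.org/profile</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def services(xrds: bytes):
    """Return (priority, types, uris) per Service element, best priority first."""
    if b"<!DOCTYPE" in xrds:  # document is remote-controlled: refuse DTDs (raw-byte check)
        raise ValueError("DTD not allowed in Yadis document")
    found = []
    for svc in ET.fromstring(xrds).iter(XRD + "Service"):
        prio = svc.get("priority")
        # Lower number wins; a missing or malformed priority sorts last.
        rank = int(prio) if prio and prio.isascii() and prio.isdigit() else float("inf")
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uris = [u.text.strip() for u in svc.findall(XRD + "URI") if u.text]
        found.append((rank, types, uris))
    return sorted(found, key=lambda s: s[0])

def select_endpoint(xrds: bytes, wanted_type: str):
    """Best-priority https endpoint advertising wanted_type, or None."""
    for _rank, types, uris in services(xrds):
        if wanted_type not in types:
            continue
        for uri in uris:
            parts = urlsplit(uri)
            if parts.scheme == "https" and parts.hostname:
                return uri
    return None
```

In the sample, the priority-20 profile service is skipped because its endpoint is plain http, so profile data about the user would only be requested from the priority-30 https endpoint.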