OpenID + Simple Registration Information Exchange

David Recordon david at sixapart.com
Thu Mar 16 00:41:51 UTC 2006


While it could definitely be used for more than "registration", this
information is only passed while verifying someone's identity.  While it
definitely can be used in the future, as OpenID is enhanced to deal with
server <-> server assertions, right now I think Simple Registration is a
good name; easy to remember, doesn't advertise more than we want to bite
off, etc.

We prefixed it with openid. so that there would be no backward
compatibility issues or we would need to rev the spec.  Since we already
can include in the signature a bunch of fields starting with openid..  I
would however lean toward matching the vCard naming scheme, which I
think Brad mentioned at one point, if we can do so without the names
becoming too verbose.

--David

-----Original Message-----
From: yadis-bounces at lists.danga.com
[mailto:yadis-bounces at lists.danga.com] On Behalf Of Johannes Ernst
Sent: Wednesday, March 15, 2006 3:59 PM
To: Josh Hoyt
Cc: Yadis list
Subject: Re: OpenID + Simple Registration Information Exchange

I like it.

Isn't Yadis great. Everybody can innovate!

But have a few suggestions on which I'll expand when I get a bit more
time. In brief:
  - is this really only about "registration"? It seems to have much
broader applicability
  - you are defining a new vocabulary for VCard-type information, and
unfortunately, this industry has already many, many, many, too many,
none of which is compatible with any other. What about not adding
another, and you simply took the XML-VCard vocabulary, and interpreted
your tag names as XPaths?

e.g. instead of calling the tag
     openid.sreg.email
you could call it
     VCARD.EMAIL.USERID
or
     VCARD/EMAIL/USERID

That would also provide a nice upgrade path to other kinds of
information, and also be totally compatible with what we are doing for
profile queries in LID.


On Mar 15, 2006, at 15:44, Josh Hoyt wrote:

> Hello,
>
> We all know that there is a lot more to identity than is provided by 
> OpenID. OpenID's aim has been to provide the smallest possible step 
> that gets us closer to the goal of a full user-controlled digital 
> identity system. What OpenID does, it does well, which is to provide a

> simple authentication system which lowers the bar for using different 
> web sites, as well as a host of other nice effects. There is still a 
> common case that gets in the way of OpenID providing seamless 
> interaction across enabled Web sites, and that case is that the Web 
> site needs to know some information about the user before the user is 
> allowed to proceed.
>
> Yesterday, Brad and David from LiveJournal were in our office, and we 
> talked through a solution to this problem that gets us a step closer 
> to the ideal, but is still very easy to implement as an extension to 
> OpenID[1]. It is a very focused profile-exchange mechanism that 
> provides information that is commonly needed for registering with a 
> Web site. With this addition, the user controls which parts of his or 
> her profile will be sent to a given relying party.
>
> We wrote up a specification and did a proof-of-concept implementation 
> that transferred data from our web services to LiveJournal, and back.
> It's easy.
>
> Our Python and Ruby OpenID libraries have been modified to include 
> support for doing simple registration information exchange as both a 
> client and server. We will release this code soon, as well as port it 
> to our other language implementations (Java, PHP, C#, Perl).
>
> Please read the proposal for extending OpenID and give us feedback.
> This protocol is not the end-game solution, but a step on that 
> journey, that makes people's online experience better today. Please 
> read with that in mind.
>
> Josh Hoyt <josh at janrain.com>
>
> 1. http://www.openidenabled.com/openid/simple-registration-extension

Johannes Ernst
NetMesh Inc.



More information about the yadis mailing list