OpenID + Simple Registration Information Exchange

David Recordon david at
Thu Mar 16 21:56:10 UTC 2006

So a little more in terms of motivation with sreg...

It isn't meant to be an answer to profile exchange, definitely not "the"
answer to it, as far as OpenID is concerned.  Rather tries to hit two
main use cases: a) creating an account on a site like SourceForge which
requires a nickname and an email address b) reading an online newspaper
which prompts you for age, gender, and location.  While it can be used
for things beyond that, it is limited since a URL can only contain a
certain amount of data anyway.

The really nice thing is this doesn't require any changes to the OpenID
1.1 spec in order to be implemented.  Thus we don't run into backwards
compatibility issues either.  Meaning libraries get updated, UI gets
implemented, and we now have crude (simple) one-time profile exchange.
This is why I like the term registration, in that this is mainly meant
to be used when someone logs in somewhere for the first time with

I'm sure there will be additional extensions in the future to deal with
server <-> server tokens and robust profile exchange combined with
pushing information as it changes.


-----Original Message-----
From: yadis-bounces at
[mailto:yadis-bounces at] On Behalf Of David Recordon
Sent: Wednesday, March 15, 2006 4:42 PM
To: Johannes Ernst; Josh Hoyt
Cc: Yadis list
Subject: RE: OpenID + Simple Registration Information Exchange

While it could definitely be used for more than "registration", this
information is only passed while verifying someone's identity.  While it
definitely can be used in the future, as OpenID is enhanced to deal with
server <-> server assertions, right now I think Simple Registration is a
good name; easy to remember, doesn't advertise more than we want to bite
off, etc.

We prefixed it with openid. so that there would be no backward
compatibility issues or we would need to rev the spec.  Since we already
can include in the signature a bunch of fields starting with openid..  I
would however lean toward matching the vCard naming scheme, which I
think Brad mentioned at one point, if we can do so without the names
becoming too verbose.


-----Original Message-----
From: yadis-bounces at
[mailto:yadis-bounces at] On Behalf Of Johannes Ernst
Sent: Wednesday, March 15, 2006 3:59 PM
To: Josh Hoyt
Cc: Yadis list
Subject: Re: OpenID + Simple Registration Information Exchange

I like it.

Isn't Yadis great. Everybody can innovate!

But have a few suggestions on which I'll expand when I get a bit more
time. In brief:
  - is this really only about "registration"? It seems to have much
broader applicability
  - you are defining a new vocabulary for VCard-type information, and
unfortunately, this industry has already many, many, many, too many,
none of which is compatible with any other. What about not adding
another, and you simply took the XML-VCard vocabulary, and interpreted
your tag names as XPaths?

e.g. instead of calling the tag
you could call it

That would also provide a nice upgrade path to other kinds of
information, and also be totally compatible with what we are doing for
profile queries in LID.

On Mar 15, 2006, at 15:44, Josh Hoyt wrote:

> Hello,
> We all know that there is a lot more to identity than is provided by 
> OpenID. OpenID's aim has been to provide the smallest possible step 
> that gets us closer to the goal of a full user-controlled digital 
> identity system. What OpenID does, it does well, which is to provide a

> simple authentication system which lowers the bar for using different 
> web sites, as well as a host of other nice effects. There is still a 
> common case that gets in the way of OpenID providing seamless 
> interaction across enabled Web sites, and that case is that the Web 
> site needs to know some information about the user before the user is 
> allowed to proceed.
> Yesterday, Brad and David from LiveJournal were in our office, and we 
> talked through a solution to this problem that gets us a step closer 
> to the ideal, but is still very easy to implement as an extension to 
> OpenID[1]. It is a very focused profile-exchange mechanism that 
> provides information that is commonly needed for registering with a 
> Web site. With this addition, the user controls which parts of his or 
> her profile will be sent to a given relying party.
> We wrote up a specification and did a proof-of-concept implementation 
> that transferred data from our web services to LiveJournal, and back.
> It's easy.
> Our Python and Ruby OpenID libraries have been modified to include 
> support for doing simple registration information exchange as both a 
> client and server. We will release this code soon, as well as port it 
> to our other language implementations (Java, PHP, C#, Perl).
> Please read the proposal for extending OpenID and give us feedback.
> This protocol is not the end-game solution, but a step on that 
> journey, that makes people's online experience better today. Please 
> read with that in mind.
> Josh Hoyt <josh at>
> 1.

Johannes Ernst
NetMesh Inc.

More information about the yadis mailing list