My idea is ...

OpenID should allow relying parties to supply information to the server at any time.

OpenID allows the server to provide limited data to the relying parties through the SReg extension. However, this doesn't permit the relying parties to supply information about the user back to the server. Take for example, game achievements. The relying party might have information about game achievements a user has earned, but there is no methodology to allow the relying party to share this information with other sites (not just the server) without becoming an OpenID provider itself. Unfortunatly, oAuth's design requires it to have a secret pre-shared between the relying party and the provider, obviously not viable for thousands of providers and relying parties. It also has no designation for relying parties other than buttons (e.g. those Google/Yahoo buttons you see on sites). This is obviously also impractical for thousands of providers.

This idea would see OpenID extended to allow relying parties to share any kind of information in any format (strings, arrays, numbers, groups of different data types, etc..) back to the OpenID provider. Relying parties would also be able to request information that other sites have provided via the provider.

8 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base