We have also improved the UI making it much cleaner and easier to follow. One feature of this new UI is a page that allows the user to choose, when first visiting a new site, whether to use their public OpenID (http://openid.aol.com/<username>) or an opaque one. Of course, this choice isn't necessary if the user provides the relying party their full OpenID or the relying party specifically requests an opaque identifier (via PAPE policy). I'd really appreciate feedback on whether this "privacy" feature is helpful to users or just adds more confusion.
In addition to the existing SREG support, the same attributes will be supported via Attribute exchange. There is equivalent support for the http://axschema.org URIs but only partial support for the Information Card URIs as there weren't direct equivalents for all of the attributes. Here is what is currently supported.
http://axschema.org/namePerson/friendly
http://axschema.org/contact/email
http://axschema.org/birthDate
http://axschema.org/person/gender
http://axschema.org/contact/postalCode/home
http://axschema.org/contact/country/home
http://axschema.org/pref/language
http://axschema.org/pref/timezone
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
Suggestions or requests for specific attributes are always welcome. One point of clarification regarding email addresses and verification. The current implementation defaults the email address to the user's AOL provided email address but does allow the user to change the value returned to the relying party.
While there is still a lot to do, it feels really good to finally reach this milestone.
8 comments:
Congratulations George, great news for AOL!
Cheers, Brian
Please consider certification at LOA1 with the US government
Congratulations on the great progress George!
Ah I see you DO support checkid_immediate that is awesome !
Thank Monica, please let us know if you run into any issues with check_immediate.
Excellent! Great to see this finally launch!
When i am trying to connect via my open id a warning message is there stating "Warning! site verification could not be completed." how to solve this issue
Hi mano09, to remove this warning message, your relying party needs to support XRDS discovery. See section 13 of the OpenID 2.0 specification.
Basically, the returned XRDS needs a <Service> element with a <Type> of http://specs.openid.net/auth/2.0/return_to and an <URI> value that matches the return_to parameter in the OpenID request.
Post a Comment