views:

956

answers:

2

My website will be using only OpenID for authentication. I'd like to pull user details down via attribute exchange, but attribute exchange seems to have caused a lot of grief for StackOverflow.

What is the current state of play in the industry? Does any OpenID provider do a decent job of attribute exchange?

Should I just steer away from OpenID attribute exchange altogether?

How can I deal with inconsistent support for functionality?

A: 

While Attribute Exchange has it's problems (I'm sure someone from SO can tell you more), it does have a lot of benefits. To some extent it depends on whether you really need it or not. Simple Registration seems to do that job, and it might make sense to just ask the user for certain values. Use common sense and don't get stuck shoving everything down the One True Way.

GaryF
+11  A: 

Here on Stack Overflow, we're just using the Simple Registration extension for now, as there were some issues with Attribute Exchange (AX).

The biggest was OpenID Providers (OP) not agreeing on which attribute type urls to use. The finalized spec for AX says that attribute urls should come from http://www.axschema.org/ However, some OPs, especially our favorite http://myopenid.com, recognize other urls. I wasn't going to keep a list of which ones were naughty and which were nice!

The other problem was that most of the OPs I tried just didn't return information when queried with AX - I might have been doing something wrong (happens quite frequently :) ), but I had made relevant details public on my profiles and we're using the latest, most excellent .NET library, DotNetOpenId.

We'll definitely revisit AX here on Stack Overflow when we get a little more time, as a seamless user experience is very important to us!

Jarrod Dixon
Please let us know when this has happened!
philfreo