OpenID Attribute Exchange implementation/integration with Drupal

anshuprateek's picture

I propose to implement/integrate OpenID Attribute Exchange with Drupal. OpenID Attribute Exchange is a service extension for OpenID. OpenID Attribute Exchange allows identity information exchange between endpoints, i.e., it allows or rather is a way of transferring information about the user between the OpenID provider and relying party. Using the OpenID Attribute Exchange, identity information can be stored and retrieved using fetch and store messages respectively.

Both the fetch and store operations are performed only as a part of the OpenID authentication request itself. This helps the identity provider to first confirm with the user whether to send a particular attribute to a relying party or not. Also if the required attribute is not already stored with the identity provider, then the identity provider can ask the user to enter the required values so that they can be used upon any further query for the same attribute. Also a predefined policy can be used by the identity provider to decide what all data is to be sent to a particular relying party. This helps in creation of personas. It's possible for any user to have multiple personas as a part of their identity. For example, a user can have a home persona for use within social networking sites and another work persona for use within professional/work sites. Basically a persona is a subset of the user's identity data.
For store requests, the identity provider can ask the user for confirmation before storing any attributes on their identity.

Drupal has integrated OpenID support into its core from Drupal-6.0. Also Drupal supports OpenID server as Identity Provider (IdP) in Drupal-4.7, though it's still to be ported to higher versions.

BENEFITS TO DRUPAL/OPEN SOURCE COMMUNITY:
Integration/implementation of OpenID Attribute Exchange will further ease the end user experience and add to the domain of digital identity already added on to by the integration of OpenID with Drupal-6. Since Drupal-6.0 supports OpenID in its core, a user will be able to register on any Drupal-6.0 powered website using any of his OpenID digital identities with almost zero "online paperwork". Implementation of attribute exchange will allow the relying party (the Drupal website) to obtain any other additional user information/attributes from the identity provider with the permission of the user. It will not only ease the registration process but also help in an easier management of user profile/preferences at a central location, i.e., with the identity provider chosen by the user. Since this entire information exchange follows the OpenID authentication process, a user can select what all data is to be sent to the sites involved, thus keeping the privacy issues to the least.

PROJECT DETAILS:

OpenID Attribute Exchange is an extension for OpenID service which allows the transfer of various user related details/information/attributes between the relying party and the identity provider. There are two primary operations that can be done using the Attribute Exchange:
a) Fetch/retrieve some required attribute about the user from the identity provider.
b) Store some additional attribute about the user on his identity provider.

The OpenID Attribute Exchange service extension provides a mechanism for moving identity information between sites with the following information model:
An attribute associated with a Subject Identifier, i.e., a URI.
An attribute having a type identifier (another URI, which is used for referring to property values) and a value (any kind of data).

Since Drupal-6.0 has OpenID support as Relying Party and Identity Provider support or OpenID server support will soon be ported from Drupal-4.7 to the present versions, I propose to create an Attribute Exchange module for the core that will do the various Attribute Exchange interactions both as a Relying Party as well as an Identity Provider.

The Relying Party module part will allow for discovery, fetch request message and store request message using the standard specifications as described in

http://openid.net/specs/openid-attribute-exchange-1_0.html

Also the Identity Provider part of the module will allow for fetch response and store response in the apt formats as detailed by the standard specifications.

Further there will be integration of the module part with the OpenID core module and server module within the Drupal core. As the support for OpenID is already there in Drupal-6.0, it should be just a matter of providing appropriate functions to the core.

DELIVERABLES:
OpenID Attribute Exchange implementation/integration with Drupal.
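
As an added example (not code from the proposal or from Drupal), the relying-party side of an AX fetch in Python: it builds the `openid.ax.*` request fields and reads a fetch response, keeping only attributes that were requested and are listed in `openid.signed`. The function names, aliases, the `MAX_VALUES` cap and the sample response are constructed for illustration, and verification of `openid.sig` is assumed to have been done already by the core OpenID code.

```python
from urllib.parse import parse_qsl, urlencode

AX_NS = "http://openid.net/srv/ax/1.0"  # AX 1.0 namespace URI
MAX_VALUES = 20  # illustrative cap on values accepted per attribute

def build_fetch_request(required, if_available):
    """Build openid.ax.* request fields; both arguments map alias -> type URI."""
    params = {"openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request"}
    for alias, type_uri in {**required, **if_available}.items():
        params["openid.ax.type." + alias] = type_uri
    lists = {"required": required, "if_available": if_available}
    params.update({f"openid.ax.{k}": ",".join(v) for k, v in lists.items() if v})
    return params

def parse_fetch_response(query, requested_types):
    """Return {type URI: [values]} for requested attributes that are signed."""
    fields = dict(parse_qsl(query, keep_blank_values=True))
    signed = set(fields.get("openid.signed", "").split(","))
    # The provider picks its own namespace alias, so look it up by URI.
    ns = next((k[len("openid.ns."):] for k, v in fields.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)

    def signed_field(name):
        key = f"{ns}.{name}"  # openid.signed lists keys without "openid."
        return fields.get("openid." + key) if key in signed else None
    if ns is None or signed_field("mode") != "fetch_response":
        return {}
    prefix, result = f"openid.{ns}.type.", {}
    for alias in [k[len(prefix):] for k in fields if k.startswith(prefix)]:
        type_uri = signed_field("type." + alias)
        if type_uri not in requested_types:
            continue  # unsigned type, or an attribute that was never requested
        # count.<alias> present: value.<alias>.1..n, otherwise value.<alias>
        count = signed_field("count." + alias)
        ok = count is not None and len(count) <= 3 and count.isdecimal()
        n = min(int(count), MAX_VALUES) if ok else 0
        names = [f"value.{alias}.{i}" for i in range(1, n + 1)] or ["value." + alias]
        values = [v for v in map(signed_field, names) if v is not None]
        if values:
            result[type_uri] = values
    return result

# Constructed response: "nick" is present but not covered by openid.signed.
EMAIL, NICK = "http://axschema.org/contact/email", "http://axschema.org/namePerson/friendly"
SAMPLE_RESPONSE = urlencode({
    "openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_response",
    "openid.ax.type.email": EMAIL, "openid.ax.value.email": "user@example.org",
    "openid.ax.type.nick": NICK, "openid.ax.value.nick": "admin",
    "openid.signed": "ns.ax,ax.mode,ax.type.email,ax.value.email"})
```

Calling `parse_fetch_response(SAMPLE_RESPONSE, {EMAIL, NICK})` returns only the e-mail attribute, because the `nick` fields are not listed in `openid.signed`.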

Comments

This already exists

fgm@drupal.org's picture

It is part of the 4.7.x branch of the module as openid_server.module and "just" needs to be ported to 5.x/6.x/HEAD.

So it seems too small for a SoC task.

there is some work to do

walkah's picture

but, agreed, it's primarily just a porting job ... and further, it's already well underway. Patches are welcome, but it's probably not a great SoC project - there's lots else to work on.

Work on implementing Attribute Exchange ( http://openid.net/specs/openid-attribute-exchange-1_0.html ), however, would make a good project.

anshuprateek's picture

Hi Walkah,
I have updated the proposal to implement the openid attribute exchange with drupal. Please have a look at it.
Waiting for a review.
Thanks
Anshu Prateek
PS: Kindly excuse if you are getting multiple mails regarding this. There was some problem with the connection at my end and I wasn't sure if the message was being sent or not.

Possible shortlist of

bonobo's picture

Possible shortlist of project ideas?

  1. Delegation
  2. AX, with an accompanying UI (possibly using CCK)
  3. Personas, allowing the user to choose what details to share with what site --

@walkah -- is this the main thread where the port is being worked on, or are there other discussions that are relevant: http://drupal.org/node/231270


FunnyMonkey
Tools for Teachers

(No subject)

anshuprateek's picture

Proposal Overhauled

anshuprateek's picture

Hi to all,
I have completely overhauled my proposal from integrating openid server to implementing openid attribute exchange. Kindly review.
Thanks
Anshu Prateek

I'm well underway of having

Jax's picture

I'm well underway of having the openId server working in Drupal 6.
http://drupal.org/node/231270

So that might be used as a starting point.

Implementation with openid server

anshuprateek's picture

OpenId server and relying party support is the base for Attribute Exchange implementation. So that will definitely be the base required for this proposal of mine. Walkah had let me know on #drupal that server support will be implemented in D6 by the time gsoc starts. And as openid server is already in D6 core, nothing much to worry about on that front. Will definitely be helpful for me to work with the people involved in openid implementation in drupal.