This document discusses managing attributes beyond OpenID AX/SREG. It proposes that attributes come from multiple attribute providers and be digitally signed to ensure integrity and provenance. A user should control what attributes are released to relying parties and manage attributes from providers. Relying parties ultimately decide what attributes they trust based on identity provider trust, authentication strength, attribute provider trust, and attribute details. The document also discusses attribute expression syntax using JSON and developing extensible attribute schemas.