The document provides an overview of the Trust Exchange (TX) extension for OpenID, which allows for contract-driven data exchange to enable more secure transactions. The TX extension defines protocols for contract negotiation using either synchronous POST binding or asynchronous artifact binding. It also defines an optional data transfer method and formats for contract proposals and signed contracts containing terms like participant IDs, amounts, signatures, and expiration dates. The goal is to augment OpenID with stronger authentication and secure attribute exchange for sensitive transactions.
6. OpenID Login + Payment (synchronous), POST Binding [sequence diagram; participants: User (Browser), RP (Shopping), XRDS, OP (Level 1), OP (Level 2 + Payment)]: the user clicks the "Login to check out" button at the RP; the RP finds the services for Level 1 auth and Level 2+Payment auth via XRDS; the user is redirected to the Level 1 auth OP and authenticates with username and password etc. (login screen: taro123 / *****); the OP returns a Positive Assertion; the RP shows the Order Form and the user clicks the "Buy" button; the RP redirects to the L2+Payment OP with a [TX] POST Contract Proposal; the user authenticates with a 2nd factor etc. (暗証番号 / PIN screen) and approves and signs the proposal; the OP returns a Positive Assertion + [TX] Contract; the RP shows the "Thanks!" screen. Legend: OpenID Authentication, User AuthN, OpenID (TX) Approval/Signing.
7. OpenID Login + Payment (synchronous), POST Binding [sequence diagram, same participants and steps as slide 6]: the only difference is that the Positive Assertion returned after proposal signing carries tx.c.tatus=Pending rather than the completed contract.
8. Notification [sequence diagram; same participants]: [TX] Notification runs in both directions, OP to RP notification and RP to OP notification, carrying a status of Contract Complete, Data Changed, Contract terminated, or ID removed. Also labelled on the slide: [TX] send Contract based Request, [TX] Receive Data. Legend: OpenID Authentication, User AuthN, OpenID (TX) Approval/Signing.
9. Data Transfer (Optional) [sequence diagram; same participants]: the RP sends a [TX] GET with Contract ID + Signature to the OP and [TX] receives the Data. Legend: OpenID Authentication, User AuthN, OpenID (TX) Approval/Signing. N.B. Although TX defines a default Data Transfer protocol, it can be substituted by any other method as long as it is specified in the Contract.
10. OpenID Login + Payment (synchronous), Artifact Binding [sequence diagram; same participants]: the user clicks "Login to check out"; the RP finds the Level 1 and Level 2+Payment services via XRDS; the user is redirected to the Level 1 auth OP and authenticates with username and password etc.; the OP returns a Positive Assertion; the RP shows the Order Form and the user clicks "Buy"; the RP sends a [TX] POST Contract Proposal directly to the L2+Payment OP and receives a [TX] Transaction ID; the RP redirects the user to the L2+Payment OP with the Transaction ID; the user authenticates with a 2nd factor etc. and approves and signs the proposal; the OP returns a Positive Assertion + Contract ID; the RP [TX] sends the Contract ID to the OP and [TX] receives the Contract; the RP shows the "Thanks!" screen. Legend: OpenID Authentication, User AuthN, OpenID (TX) Approval/Signing.
11. OpenID Login + Payment (asynchronous), Artifact Binding [sequence diagram, same participants and steps as slide 10]: after signing, the Positive Assertion carries tx.c.tatus=Pending; the OP later sends a [TX] Completion Notification to the RP, after which the RP [TX] sends the Contract ID and [TX] receives the Contract. Legend: OpenID Authentication, User AuthN, OpenID (TX) Approval/Signing.
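The artifact-binding flow of slides 10 and 11, modelled as an added example (not code from the presentation or from any OpenID TX implementation): the RP posts a proposal and gets a transaction ID, the OP issues a signed contract only after the user approves (returning Pending otherwise), and the RP verifies the fetched contract before treating the payment as authorised. The HMAC signature, the field names and the Pending/Complete status values are constructed placeholders, not the TX wire format.

```python
import hmac, hashlib, json, secrets, time

# Constructed demo key: stands in for the OP's contract signing key.
# TX does not prescribe this algorithm; the JSON fields below are illustrative.
OP_KEY = b"constructed-demo-key"

def sign(contract: dict) -> str:
    """Signature over the canonical JSON form of the contract terms."""
    body = json.dumps(contract, sort_keys=True).encode()
    return hmac.new(OP_KEY, body, hashlib.sha256).hexdigest()

class OP:
    """Level 2 + Payment OP: proposals keyed by transaction ID, contracts by contract ID."""
    def __init__(self):
        self.proposals, self.contracts = {}, {}

    def post_proposal(self, proposal: dict) -> str:
        # Back-channel POST of the contract proposal; the RP gets an artifact back.
        tx_id = secrets.token_urlsafe(16)
        self.proposals[tx_id] = proposal
        return tx_id

    def approve(self, tx_id: str, user_signed: bool, ttl: int = 300) -> dict:
        # Runs after the user's 2nd-factor auth. Without a signature the
        # assertion only reports Pending (the asynchronous case).
        if not user_signed:
            return {"status": "Pending"}
        contract = dict(self.proposals.pop(tx_id),
                        contract_id=secrets.token_urlsafe(16),
                        expires=int(time.time()) + ttl)
        contract["signature"] = sign(contract)
        self.contracts[contract["contract_id"]] = contract
        return {"status": "Complete", "contract_id": contract["contract_id"]}

    def get_contract(self, contract_id: str):
        # RP sends the Contract ID and receives the signed Contract.
        return self.contracts.get(contract_id)

def rp_verify(contract: dict, proposal: dict, now=None) -> str:
    """RP-side checks: signature, expiry, and that the terms match what it proposed."""
    now = time.time() if now is None else now
    unsigned = {k: v for k, v in contract.items() if k != "signature"}
    if not hmac.compare_digest(sign(unsigned), contract["signature"]):
        return "bad signature"
    if contract["expires"] < now:
        return "expired"
    for k in ("rp_id", "user_id", "amount", "currency"):
        if contract.get(k) != proposal[k]:
            return f"term mismatch: {k}"
    return "ok"
```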