No subject


Tue Apr 24 11:52:11 UTC 2007


understand yet – I’m supposed to wait for chapter 5, where the packet sniffing
traces are given. Chapter 3 comes across as just a (confusing) overly-technical
overview of the core system flows. So, this is the second time I wanted to get
clear info on this topic area from the book,… and I’m still frustrated</span></p>

<p class=MsoListParagraph>Some notes, added upon a second reading: Having
criticized the early sections, from section 3.4 onwards, note, the chapter
really does improve remarkably, into what I had expected. It does what was
billed at the outset of the chapter, in these sub-topic areas. I do wish it had
explained WHY one might choose to encrypt the hmac-signature! One is left with
the feeling (and here the author does a good job) that the whole association
process is like a poor man’s SSL handshake and session management – which one
is advised then to use anyways! The lack of clarity in describing the various
bindings used really does the presentation of the security handshake state
machine a disservice. Sections 3.7 and later etc. don’t really belong in this
chapter.</p>

<p class=MsoListParagraph>4. Chapter 4 is well done. I wish its screenshots had
been used in chapter 1, so there would have been continuity and
development.</p>

<p class=MsoListParagraph>5. Chapter 5 is similarly well done, with the same
comments as on chapter 4. 5.4 ought to be in chap 3, where it belongs (and
where I missed it!)</p>

<p class=MsoListParagraph>6. Chapter 6 was ok. It was an example-driven
description. It would be nice to see a more expressive extension architecture
portrayal. One example showed enhancing OpenID Auth, another the YADIS file. I
didn’t feel that the author was convincing me that the framework for
extensibility was itself sound, as the protocol’s usage and applicability takes
off – possibly into areas where there will inevitably be a need for private
extensions, that do not go into the meritocracy forum or decision making
process.</p>

<p class=MsoListParagraph>7. I recognize chapter 7 as a… horizons chapter. This
is fitting. It finally declares SAML as the enemy (hehe!), making some juvenile
claims – and possibly embarrassing VeriSign (a SAML founder). Consider your
image, author! It portrays OpenID in the enterprise or cross-enterprise space
as something that is tied to cross-domain directory management. I turned off –
as one reader who has had quite enough of that particular line of Kool-Aid
after 20 years of it. Be careful with the tone, here. Don’t bias horizon
presentation with too strong a presentation of the author’s opinions about the
way you believe the future SHOULD go, assuming OpenID takes off. That is the
reader’s prerogative.</p>

<p class=MsoListParagraph>8. Needs to disappear, into an appendix. The book
came to a close at 7. Don’t reopen it.</p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b>From:</b> general-bounces at openid.net [mailto:general-bounces at openid.net] <b>On Behalf Of</b> Rafeeq Rehman<br>
<b>Sent:</b> Wednesday, July 25, 2007 7:34 PM<br>
<b>To:</b> general at openid.net<br>
<b>Subject:</b> [OpenID] OpenID Book draft version available for download</p>

</div>

</div>

<p class=MsoNormal>All,</p>

<p class=MsoNormal>The draft PDF version of OpenID Book is available for
download now at <a href="http://www.openidbook.com">http://www.openidbook.com</a></p>

<p class=MsoNormal>Rafeeq Rehman</p>


</div>

</body>

</html>
