[OpenID] is openid 2.0 a lightweight identity system?

Robert Yates robyates70 at gmail.com
Thu Feb 8 23:05:44 UTC 2007


On 2/8/07, David Fuelling <sappenin at gmail.com> wrote:

> The con here is that perhaps
> we have too much in the spec.  The pro is that we have a unified approach
> now -- everybody is on board with one single spec: OpenId 2.0.

Understood, but is it still possible to get less in the spec and still
get everybody on board with a unified approach?

As a possible implementor of the spec I'd certainly like to see the
barrier to entry lowered. It's pretty high at the moment.

For example, how much resistance would there actually be to removing
"Diffie-Hellman Associations" and instead always relying upon a
"Direct Request".  If folks really want to use associations they can
always fall back to openid 1.1 which "should" be supported by all
parties anyway.

Just a thought,

Rob



More information about the general mailing list