OpenID Authentication 2.0 Draft 10 Posted

Recordon, David drecordon at verisign.com
Sat Oct 14 06:30:58 UTC 2006


With a good deal of work from both Josh and I this past week, we now
have Draft 10
(http://openid.net/specs/openid-authentication-2_0-10.html)!  While I
previously proposed this be the final draft, the delegation proposal is
still being actively discussed and it is quite important consensus be
reached before I'd be comfortable calling the spec "final".  I'll also
be posting various questions I have, sometime in the next day or two,
after fully re-reading the specification today.

--David

Changelog:
 - Rename trust_root to realm
 - Remove SIGNALL
 - Rename nonce to response_nonce, though do not add a request nonce
 - Add http://openid.net/signon/1.1 as an XRD Service type, since it is
present in the wild. Indicate that it triggers compatibility mode.
 - Update August to October
 - Use "OpenID" and "OpenID Authentication" as appropriate
 - Reorder terminology section
 - Make "Identity Provider" the defined term, with IdP as the short-hand
 - Link to RFC when defining Diffie-Hellman Key Exchange
 - Fix various typos and cleanup wording
 - In 3.5, note that EU -> IdP auth is out of scope
 - Note that in 4.1.2 "openid." is only prefixed on request messages
 - Combine "Signature Algorithms" and "Procedure" into one uber
"Signatures" section, though this still needs to be cleaned up more
 - Add motivation to OpenID logo in form field
 - Enumerate XRI Global Context symbols
 - Note the RP should keep the normalized/redirected URL as the Claimed
Identifier
 - Swap 10.3 and 10.4 due to order introduced
 - Add additional cross-references
 - Add "mode" in 13.2.2.2 as a response parameter instead of only
listing it as a request parameter
 - Update 9.3.3 to require support of 1.1 HTML-based discovery to match
14.1



More information about the specs mailing list