Consolidated Delegate Proposal

Dick Hardt dick at sxip.com
Wed Oct 18 05:58:31 UTC 2006


I don't see there being general consensus.

I think Chris Drake was supportive of there being less disclosure as well.

Josh said it could be any of the three, but preferred two parameters.

Brad did not really care.

I do care and would like to see direct criticism on the explanation I  
wrote about how the protocol works.

It is a different way of thinking about what OpenID is doing, and I  
think it is a useful view that makes it simpler. The RP does not need  
to worry about the delegation mechanism. There is only one identifier  
moving around. The concept that there is an RP identifier and an IdP  
identifier is not needed.

What is missing from my previous posts? Throw me a bloody bone here  
so that I know what I am missing.

-- Dick


On 17-Oct-06, at 3:20 PM, Recordon, David wrote:

> I'm also echoing what Josh has said.  There has been significant
> discussion on this issue and there seems to be general consensus,
> excluding Sxip, that the protocol should have two parameters.
>
> --David
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Josh Hoyt
> Sent: Tuesday, October 17, 2006 5:24 PM
> To: Dick Hardt
> Cc: specs at openid.net
> Subject: Re: Consolidated Delegate Proposal
>
> On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
>>> 2. It is explicit what is going on from an implementation and
>>> specification perspective
>>
>> And I see the opposite. What the RP sends the IdP is just a hint.
>> What the IdP sends the RP is authoritative.
>> I see having two parameters as implying more meaning than is really
>> there.
>
> The IdP sending two identifiers *in the response* is the important part.
> The IdP is only authoritative *if discovery says it is*. There is no
> more meaning to the response than "I am asserting that when you do
> discovery, you will find that this information is true." What other
> meaning do you see?
>
>> Did you read what I wrote? Was there something you did not
>> understand?
>
>> Perhaps you can point out what you disagree about what I wrote?
>
> It's possible that I misinterpreted "the RP is figuring them out
> anyway." I took this as questioning why two identifiers is an
> improvement over the current (delegate only) model.
>
> My answer to this question was "it is explicit what is going on from an
> implementation and specification perspective." This statement was
> motivated by implementation experience and experience writing about this
> issue in OpenID 2 drafts. I believe that the two identifier approach
> will be easier.
>
> I also believe that if I had spent the time that I've spent arguing
> about this issue in documentation and implementation, the world would be
> better off, regardless of which of the three viable options for
> identifier portability had been chosen.
>
> I repeat, ALL THREE OPTIONS ARE VIABLE. There are trade-offs for all of
> them. You know which trade-offs I'd make. I know which ones you'd make.
> We just need to make a decision so that we can spend our energy and time
> on things that will make a difference to end-users. This is my last word
> on this list about this issue, unless there is significant insight. I am
> not going to change my votes.
>
> If you want to discuss it more off-list, I'm willing, but I think that'd
> just be wasting both of our time.
>
> Josh