Proposal for Modularizing Auth 2.0 Discovery

Johannes Ernst jernst+openid.net at netmesh.us
Fri Mar 2 20:46:58 UTC 2007


While I'm strongly in favor of modularization from an architectural  
perspective, is there a potential security problem here if multiple  
protocols are developed to resolve the same kind of identifier?  
(because they could resolve to a different set of endpoints / services)

It appears to me that the only way this can work is that while we  
modularize, we only let the same set of people who have defined some  
of the "plug-in" documents define new "plug-in" documents how to do  
discovery. The Yadis decentralized innovation model -- everybody  
define the service types they like, they don't need to ask anybody --  
may not work here.

Or am I off-base?

Cheers,


Johannes.




Johannes Ernst
NetMesh Inc.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070302/00fb000a/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070302/00fb000a/attachment-0005.gif>
-------------- next part --------------
  http://netmesh.info/jernst



More information about the specs mailing list