Proposal for Modularizing Auth 2.0 Discovery

Recordon, David drecordon at verisign.com
Fri Mar 2 21:30:18 UTC 2007


I agree.  I think it is great having a way for people to easily propose
new identifier formats and even use them within their own
implementations.  There does however need to be some sort of community
review process before new identifiers are added to OpenID in a public
fashion.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Johannes Ernst
Sent: Friday, March 02, 2007 12:47 PM
To: specs at openid.net
Subject: Re: Proposal for Modularizing Auth 2.0 Discovery

While I'm strongly in favor of modularization from an architectural
perspective, is there a potential security problem here if multiple
protocols are developed to resolve the same kind of identifier?  
(because they could resolve to a different set of endpoints / services)

It appears to me that the only way this can work is that while we
modularize, we only let the same set of people who have defined some of
the "plug-in" documents define new "plug-in" documents on how to do
discovery. The Yadis decentralized innovation model -- everybody defines
the service types they like, they don't need to ask anybody -- may not
work here.

Or am I off-base?

Cheers,


Johannes.




Johannes Ernst
NetMesh Inc.




