Proposing an OpenID Authentication 2.1 Working Group

George Fletcher gffletch at aol.com
Tue Nov 11 19:24:01 UTC 2008 

Great notes! Thanks!

Martin Atkins wrote:
> Here's the output from today's IIW session on this:
>
>
> 2.0 has been finalized
> bunch of implementations
> found lots of spec bugs
>
> also gone and done oauth and email addresses and other things. Can we 
> support these in the core spec?
>
> - Making the spec more readable and fixing bugs (eratta)
>    - Delegation
>    - Error handling
> - Adding a security appendix
>    - could be a separate document referred to by the spec
>    - possibly produced by separate group
>    - Who controls this security page?
>      - Security committee could look after this.
>      - or Allen at Yahoo! will be editing a security document
> - Clarifying XRI
>    - Currently there's no firm message about whether RPs MUST support 
> XRIs or not.
>    - Need to clarify how exactly XRI should be used with OpenID.
>    - Similar to the whitelist question.
> - Clarify if RPs can white or blacklist what OPs they accept, and 
> vice-versa.
>    - Discovery of type of identifiers an RP supports.
> - Clarifying IRI
> - Updating discovery. Possibly including the new-fangled XRD discovery.
> - Clarifying whether association over SSL must/can use diffie-hellman.
> - Discovery of support of checkid_immediate.
>
> Exploratory work:
> - Signature mechanisms. Looking at additionally supporting the 
> mechanisms defined in OAuth so that they can be closer together.
>    - Possibly deprecating the current signature mechanism.
>    - Public keys?
> - Email-shaped identifiers for OpenID
>    - Could be a separate working group?
>
> There was consensus that email-shaped identifiers would be worked on by 
> a separate group and possibly rolled into 2.1 if it's done in time.
>
> - Smart/rich clients?
>    - Could be in this WG unless it ends up being a big change in which 
> case it could be its own WG.
>    - There's another session about this.
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>   

-- 
Chief Architect                   AIM:  gffletch
Identity Services                 Work: george.fletcher at corp.aol.com
AOL LLC                           Home: gffletch at aol.com
Mobile: +1-703-462-3494
Office: +1-703-265-2544           Blog: http://practicalid.blogspot.com

More information about the specs mailing list