Proposing an OpenID Authentication 2.1 Working Group
George Fletcher
gffletch at aol.com
Tue Nov 11 19:24:01 UTC 2008
Great notes! Thanks!
Martin Atkins wrote:
> Here's the output from today's IIW session on this:
>
>
> 2.0 has been finalized
> bunch of implementations
> found lots of spec bugs
>
> also gone and done oauth and email addresses and other things. Can we
> support these in the core spec?
>
> - Making the spec more readable and fixing bugs (eratta)
> - Delegation
> - Error handling
> - Adding a security appendix
> - could be a separate document referred to by the spec
> - possibly produced by separate group
> - Who controls this security page?
> - Security committee could look after this.
> - or Allen at Yahoo! will be editing a security document
> - Clarifying XRI
> - Currently there's no firm message about whether RPs MUST support
> XRIs or not.
> - Need to clarify how exactly XRI should be used with OpenID.
> - Similar to the whitelist question.
> - Clarify if RPs can white or blacklist what OPs they accept, and
> vice-versa.
> - Discovery of type of identifiers an RP supports.
> - Clarifying IRI
> - Updating discovery. Possibly including the new-fangled XRD discovery.
> - Clarifying whether association over SSL must/can use diffie-hellman.
> - Discovery of support of checkid_immediate.
>
> Exploratory work:
> - Signature mechanisms. Looking at additionally supporting the
> mechanisms defined in OAuth so that they can be closer together.
> - Possibly deprecating the current signature mechanism.
> - Public keys?
> - Email-shaped identifiers for OpenID
> - Could be a separate working group?
>
> There was consensus that email-shaped identifiers would be worked on by
> a separate group and possibly rolled into 2.1 if it's done in time.
>
> - Smart/rich clients?
> - Could be in this WG unless it ends up being a big change in which
> case it could be its own WG.
> - There's another session about this.
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
--
Chief Architect AIM: gffletch
Identity Services Work: george.fletcher at corp.aol.com
AOL LLC Home: gffletch at aol.com
Mobile: +1-703-462-3494
Office: +1-703-265-2544 Blog: http://practicalid.blogspot.com
More information about the specs
mailing list