Proposing an OpenID Authentication 2.1 Working Group

David Recordon drecordon at sixapart.com
Tue Nov 11 20:46:46 UTC 2008


Yep, thanks!  I'll be sending out a new charter shortly.

On Nov 11, 2008, at 11:24 AM, George Fletcher wrote:

> Great notes! Thanks!
>
> Martin Atkins wrote:
>> Here's the output from today's IIW session on this:
>>
>>
>> 2.0 has been finalized
>> bunch of implementations
>> found lots of spec bugs
>>
>> also gone and done oauth and email addresses and other things. Can we
>> support these in the core spec?
>>
>> - Making the spec more readable and fixing bugs (eratta)
>>   - Delegation
>>   - Error handling
>> - Adding a security appendix
>>   - could be a separate document referred to by the spec
>>   - possibly produced by separate group
>>   - Who controls this security page?
>>     - Security committee could look after this.
>>     - or Allen at Yahoo! will be editing a security document
>> - Clarifying XRI
>>   - Currently there's no firm message about whether RPs MUST support
>> XRIs or not.
>>   - Need to clarify how exactly XRI should be used with OpenID.
>>   - Similar to the whitelist question.
>> - Clarify if RPs can white or blacklist what OPs they accept, and
>> vice-versa.
>>   - Discovery of type of identifiers an RP supports.
>> - Clarifying IRI
>> - Updating discovery. Possibly including the new-fangled XRD  
>> discovery.
>> - Clarifying whether association over SSL must/can use diffie- 
>> hellman.
>> - Discovery of support of checkid_immediate.
>>
>> Exploratory work:
>> - Signature mechanisms. Looking at additionally supporting the
>> mechanisms defined in OAuth so that they can be closer together.
>>   - Possibly deprecating the current signature mechanism.
>>   - Public keys?
>> - Email-shaped identifiers for OpenID
>>   - Could be a separate working group?
>>
>> There was consensus that email-shaped identifiers would be worked  
>> on by
>> a separate group and possibly rolled into 2.1 if it's done in time.
>>
>> - Smart/rich clients?
>>   - Could be in this WG unless it ends up being a big change in which
>> case it could be its own WG.
>>   - There's another session about this.
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>>
>
> -- 
> Chief Architect                   AIM:  gffletch
> Identity Services                 Work: george.fletcher at corp.aol.com
> AOL LLC                           Home: gffletch at aol.com
> Mobile: +1-703-462-3494
> Office: +1-703-265-2544           Blog: http:// 
> practicalid.blogspot.com
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs





More information about the specs mailing list