Proposing an OpenID Authentication 2.1 Working Group
Dick Hardt
dick.hardt at gmail.com
Wed Nov 12 23:06:36 UTC 2008
Eran is promising to move the XRD spec forward quickly.
-- Dick
On 12-Nov-08, at 3:01 PM, Joseph A Holsten wrote:
> Feel free to focus on yadis/xrds errata, but don't worry about XRD
> new fangledness yet. I'd even say don't mention xrds-simple. OpenID
> has been workable with yadis/xrds. But until the xrds-simple/xrd
> stuff gets near final, mentioning it will only confuse people and
> strain their trust.
>
> http://josephholsten.com
>
> On Nov 11, 2008, at 2:46 PM, David Recordon wrote:
>
>> Yep, thanks! I'll be sending out a new charter shortly.
>>
>> On Nov 11, 2008, at 11:24 AM, George Fletcher wrote:
>>
>>> Great notes! Thanks!
>>>
>>> Martin Atkins wrote:
>>>> Here's the output from today's IIW session on this:
>>>>
>>>>
>>>> 2.0 has been finalized
>>>> bunch of implementations
>>>> found lots of spec bugs
>>>>
>>>> also gone and done oauth and email addresses and other things.
>>>> Can we
>>>> support these in the core spec?
>>>>
>>>> - Making the spec more readable and fixing bugs (eratta)
>>>> - Delegation
>>>> - Error handling
>>>> - Adding a security appendix
>>>> - could be a separate document referred to by the spec
>>>> - possibly produced by separate group
>>>> - Who controls this security page?
>>>> - Security committee could look after this.
>>>> - or Allen at Yahoo! will be editing a security document
>>>> - Clarifying XRI
>>>> - Currently there's no firm message about whether RPs MUST support
>>>> XRIs or not.
>>>> - Need to clarify how exactly XRI should be used with OpenID.
>>>> - Similar to the whitelist question.
>>>> - Clarify if RPs can white or blacklist what OPs they accept, and
>>>> vice-versa.
>>>> - Discovery of type of identifiers an RP supports.
>>>> - Clarifying IRI
>>>> - Updating discovery. Possibly including the new-fangled XRD
>>>> discovery.
>>>> - Clarifying whether association over SSL must/can use diffie-
>>>> hellman.
>>>> - Discovery of support of checkid_immediate.
>>>>
>>>> Exploratory work:
>>>> - Signature mechanisms. Looking at additionally supporting the
>>>> mechanisms defined in OAuth so that they can be closer together.
>>>> - Possibly deprecating the current signature mechanism.
>>>> - Public keys?
>>>> - Email-shaped identifiers for OpenID
>>>> - Could be a separate working group?
>>>>
>>>> There was consensus that email-shaped identifiers would be worked
>>>> on by
>>>> a separate group and possibly rolled into 2.1 if it's done in time.
>>>>
>>>> - Smart/rich clients?
>>>> - Could be in this WG unless it ends up being a big change in
>>>> which
>>>> case it could be its own WG.
>>>> - There's another session about this.
>>>>
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>>
>>>
>>> --
>>> Chief Architect AIM: gffletch
>>> Identity Services Work: george.fletcher at corp.aol.com
>>> AOL LLC Home: gffletch at aol.com
>>> Mobile: +1-703-462-3494
>>> Office: +1-703-265-2544 Blog: http://
>>> practicalid.blogspot.com
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list