Proposing an OpenID Authentication 2.1 Working Group

Chris Messina chris.messina at gmail.com
Tue Nov 18 15:07:48 UTC 2008


And given the growing momentum with the new-fangledness (and it's use in
other places like OAuth and Portable Contacts and OpenSocial) it would be
nice if, by the time an initial draft of the newness is complete, OpenID
would be ready with support for it, so that we can simplify and minimize the
number of libraries out there (i.e. ONE set of discovery libraries).
I also appreciate Martin's notes from IIW, since I was unable to attend, and
look forward to David's new charter, since I'm very much in favor and
supportive of this work!

Chris

On Wed, Nov 12, 2008 at 6:06 PM, Dick Hardt <dick.hardt at gmail.com> wrote:

> Eran is promising to move the XRD spec forward quickly.
>
> -- Dick
>
> On 12-Nov-08, at 3:01 PM, Joseph A Holsten wrote:
>
> > Feel free to  focus on yadis/xrds errata, but don't worry about XRD
> > new fangledness yet. I'd even say don't mention xrds-simple. OpenID
> > has been workable with yadis/xrds. But until the xrds-simple/xrd
> > stuff gets near final, mentioning it will only confuse people and
> > strain their trust.
> >
> > http://josephholsten.com
> >
> > On Nov 11, 2008, at 2:46 PM, David Recordon wrote:
> >
> >> Yep, thanks!  I'll be sending out a new charter shortly.
> >>
> >> On Nov 11, 2008, at 11:24 AM, George Fletcher wrote:
> >>
> >>> Great notes! Thanks!
> >>>
> >>> Martin Atkins wrote:
> >>>> Here's the output from today's IIW session on this:
> >>>>
> >>>>
> >>>> 2.0 has been finalized
> >>>> bunch of implementations
> >>>> found lots of spec bugs
> >>>>
> >>>> also gone and done oauth and email addresses and other things.
> >>>> Can we
> >>>> support these in the core spec?
> >>>>
> >>>> - Making the spec more readable and fixing bugs (eratta)
> >>>>  - Delegation
> >>>>  - Error handling
> >>>> - Adding a security appendix
> >>>>  - could be a separate document referred to by the spec
> >>>>  - possibly produced by separate group
> >>>>  - Who controls this security page?
> >>>>    - Security committee could look after this.
> >>>>    - or Allen at Yahoo! will be editing a security document
> >>>> - Clarifying XRI
> >>>>  - Currently there's no firm message about whether RPs MUST support
> >>>> XRIs or not.
> >>>>  - Need to clarify how exactly XRI should be used with OpenID.
> >>>>  - Similar to the whitelist question.
> >>>> - Clarify if RPs can white or blacklist what OPs they accept, and
> >>>> vice-versa.
> >>>>  - Discovery of type of identifiers an RP supports.
> >>>> - Clarifying IRI
> >>>> - Updating discovery. Possibly including the new-fangled XRD
> >>>> discovery.
> >>>> - Clarifying whether association over SSL must/can use diffie-
> >>>> hellman.
> >>>> - Discovery of support of checkid_immediate.
> >>>>
> >>>> Exploratory work:
> >>>> - Signature mechanisms. Looking at additionally supporting the
> >>>> mechanisms defined in OAuth so that they can be closer together.
> >>>>  - Possibly deprecating the current signature mechanism.
> >>>>  - Public keys?
> >>>> - Email-shaped identifiers for OpenID
> >>>>  - Could be a separate working group?
> >>>>
> >>>> There was consensus that email-shaped identifiers would be worked
> >>>> on by
> >>>> a separate group and possibly rolled into 2.1 if it's done in time.
> >>>>
> >>>> - Smart/rich clients?
> >>>>  - Could be in this WG unless it ends up being a big change in
> >>>> which
> >>>> case it could be its own WG.
> >>>>  - There's another session about this.
> >>>>
> >>>> _______________________________________________
> >>>> specs mailing list
> >>>> specs at openid.net
> >>>> http://openid.net/mailman/listinfo/specs
> >>>>
> >>>>
> >>>
> >>> --
> >>> Chief Architect                   AIM:  gffletch
> >>> Identity Services                 Work: george.fletcher at corp.aol.com
> >>> AOL LLC                           Home: gffletch at aol.com
> >>> Mobile: +1-703-462-3494
> >>> Office: +1-703-265-2544           Blog: http://
> >>> practicalid.blogspot.com
> >>>
> >>> _______________________________________________
> >>> specs mailing list
> >>> specs at openid.net
> >>> http://openid.net/mailman/listinfo/specs
> >>
> >>
> >> _______________________________________________
> >> specs mailing list
> >> specs at openid.net
> >> http://openid.net/mailman/listinfo/specs
> >
> >
> > _______________________________________________
> > specs mailing list
> > specs at openid.net
> > http://openid.net/mailman/listinfo/specs
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>



-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20081118/fc6cd0c3/attachment-0002.htm>


More information about the specs mailing list