Completing the SREG 1.1 specification

Martin Atkins mart at degeneration.co.uk
Fri Nov 28 22:33:09 UTC 2008


Hi all,

It recently became apparent that version 1.1 of the Simple Registration 
Extension (SREG), which updates the protocol to work as an OpenID 
Authentication 2.0 extension, was never finished and published.

Furthermore, it has been noted that the latest draft contains 
ambiguities about how SREG is to be used in 1.1 vs. 2.0 messages, and 
that in some cases it does not describe how SREG is used by popular 
implementations today.

I'd like to form a working group to get version 1.1 completed, with a 
focus on simply writing down what current implementations do to aid 
interoperability rather than making any changes.

I have a draft of a more formal working group proposal prepared, but 
first I'd like to see who is interested in working on this. The minimum 
membership for an OpenID Foundation working group is five members. I 
anticipate that this group's work will be done relatively quickly, since 
we'd merely be documenting established practice.

Please reply here if you'd be interested in joining this working group, 
and in particular whether you are willing to be listed as a proposer in 
the working group proposal.

I have included below my current draft working group proposal. I welcome 
any comments on it.

Thanks,
Martin

------------------------------------------------

OpenID Authentication 2.0 was finalized this past December and since
has started to see quite reasonable adoption. Many implementations
of Authentication 2.0 have made use of the Simple Registration
Extension that was popularized as an ad-hoc OpenID 1.1 extension.

While SREG is compatible with and has been deployed using the more
formal extension mechanism described in OpenID Authentication 2.0,
a 2.0-compatible version of SREG was never published. A draft
revised version is available [1], but it was never approved as
a specification and contains some ambiguities about how SREG
is used in 2.0 vs 1.1 messages.

This proposal is to form a working group to finish and publish
a version of SREG that is compatible with OpenID Authentication 2.0,
describing how SREG is used in existing popular implementations.

------------------------

== Background information ==
Many implementors have extrapolated how SREG 1.0 can be used within
the extension mechanism defined in OpenID Authentication 2.0, but
this has actually never been documented in a specification. A draft
of "SREG 1.1" was produced[1], but it was not published and has been
found to contain some ambiguities and deviations from established
practice.

== Working Group Name ==
OpenID Simple Registration Extension 1.1

== Purpose ==
To complete and publish the SREG 1.1 specification, documenting
how SREG is used by popular implementations today.

== Scope ==
The proposed work is as follows:
* Update the SREG specification to describe how it can be used as
an OpenID 2.0 extension as well as an OpenID 1.1 ad-hoc extension.
* Update the SREG specification to correct any deviations between
the specification and established implementation practice.

Note that this charter does not include adding new features to
Simple Registration; ideally, the specification produced by this
working group will merely be documenting existing implementation
practice, and will require no changes to existing implementations
as far as possible. Where implementations differ, an approach
will be chosen on the basis of number of deployments and on
consensus within the working group.

== Anticipated Contributions ==
* Feedback from library authors and other implementors about
how they have adapted SREG 1.0 to work within OpenID 2.0's
extension mechanism.
* Specification text to achieve the the goals described in
the above scope.

== Proposed List of Specifications ==
* OpenID Simple Registration Extension 1.1 ("SREG 1.1")

== Anticipated audience or users of the work ==
Implementers of OpenID Providers and Relying Parties.

== Language in which the WG will conduct business ==
English.

== Method of work ==
Work will take place primarily on the working group mailing list,
with the possibility of conference calls and face-to-face meetings
if deemed necessary by the working group.

== Basis for determining when the work of the WG is completed ==
Proposed changes will be evaluated on the basis of whether they
increase or decrease consensus within the working group.  The work
will be completed once it is apparent that maximal consensus on the
draft has been achieved, consistent with the purpose and scope.

Proposers:
* Martin Atkins, Six Apart (mart at degeneration.co.uk)
* David Recordon, Six Apart (drecordon at sixapart.com)
* ...

Initial Editors:
* Martin Atkins, Six Apart (mart at degeneration.co.uk)
* David Recordon, Six Apart (drecordon at sixapart.com)

[1]http://openid.net/specs/openid-simple-registration-extension-1_1-01.html




More information about the specs mailing list