Completing the SREG 1.1 specification
Dick Hardt
dick.hardt at gmail.com
Sat Nov 29 06:03:56 UTC 2008
A related topic.
Wondering what the community thinks of having two specifications for
moving around profile data: we have SREG and AX: do we need both?
-- Dick
On 28-Nov-08, at 2:33 PM, Martin Atkins wrote:
>
> Hi all,
>
> It recently became apparent that version 1.1 of the Simple
> Registration
> Extension (SREG), which updates the protocol to work as an OpenID
> Authentication 2.0 extension, was never finished and published.
>
> Furthermore, it has been noted that the latest draft contains
> ambiguities about how SREG is to be used in 1.1 vs. 2.0 messages, and
> that in some cases it does not describe how SREG is used by popular
> implementations today.
>
> I'd like to form a working group to get version 1.1 completed, with a
> focus on simply writing down what current implementations do to aid
> interoperability rather than making any changes.
>
> I have a draft of a more formal working group proposal prepared, but
> first I'd like to see who is interested in working on this. The
> minimum
> membership for an OpenID Foundation working group is five members. I
> anticipate that this group's work will be done relatively quickly,
> since
> we'd merely be documenting established practice.
>
> Please reply here if you'd be interested in joining this working
> group,
> and in particular whether you are willing to be listed as a proposer
> in
> the working group proposal.
>
> I have included below my current draft working group proposal. I
> welcome
> any comments on it.
>
> Thanks,
> Martin
>
> ------------------------------------------------
>
> OpenID Authentication 2.0 was finalized this past December and since
> has started to see quite reasonable adoption. Many implementations
> of Authentication 2.0 have made use of the Simple Registration
> Extension that was popularized as an ad-hoc OpenID 1.1 extension.
>
> While SREG is compatible with and has been deployed using the more
> formal extension mechanism described in OpenID Authentication 2.0,
> a 2.0-compatible version of SREG was never published. A draft
> revised version is available [1], but it was never approved as
> a specification and contains some ambiguities about how SREG
> is used in 2.0 vs 1.1 messages.
>
> This proposal is to form a working group to finish and publish
> a version of SREG that is compatible with OpenID Authentication 2.0,
> describing how SREG is used in existing popular implementations.
>
> ------------------------
>
> == Background information ==
> Many implementors have extrapolated how SREG 1.0 can be used within
> the extension mechanism defined in OpenID Authentication 2.0, but
> this has actually never been documented in a specification. A draft
> of "SREG 1.1" was produced[1], but it was not published and has been
> found to contain some ambiguities and deviations from established
> practice.
>
> == Working Group Name ==
> OpenID Simple Registration Extension 1.1
>
> == Purpose ==
> To complete and publish the SREG 1.1 specification, documenting
> how SREG is used by popular implementations today.
>
> == Scope ==
> The proposed work is as follows:
> * Update the SREG specification to describe how it can be used as
> an OpenID 2.0 extension as well as an OpenID 1.1 ad-hoc extension.
> * Update the SREG specification to correct any deviations between
> the specification and established implementation practice.
>
> Note that this charter does not include adding new features to
> Simple Registration; ideally, the specification produced by this
> working group will merely be documenting existing implementation
> practice, and will require no changes to existing implementations
> as far as possible. Where implementations differ, an approach
> will be chosen on the basis of number of deployments and on
> consensus within the working group.
>
> == Anticipated Contributions ==
> * Feedback from library authors and other implementors about
> how they have adapted SREG 1.0 to work within OpenID 2.0's
> extension mechanism.
> * Specification text to achieve the the goals described in
> the above scope.
>
> == Proposed List of Specifications ==
> * OpenID Simple Registration Extension 1.1 ("SREG 1.1")
>
> == Anticipated audience or users of the work ==
> Implementers of OpenID Providers and Relying Parties.
>
> == Language in which the WG will conduct business ==
> English.
>
> == Method of work ==
> Work will take place primarily on the working group mailing list,
> with the possibility of conference calls and face-to-face meetings
> if deemed necessary by the working group.
>
> == Basis for determining when the work of the WG is completed ==
> Proposed changes will be evaluated on the basis of whether they
> increase or decrease consensus within the working group. The work
> will be completed once it is apparent that maximal consensus on the
> draft has been achieved, consistent with the purpose and scope.
>
> Proposers:
> * Martin Atkins, Six Apart (mart at degeneration.co.uk)
> * David Recordon, Six Apart (drecordon at sixapart.com)
> * ...
>
> Initial Editors:
> * Martin Atkins, Six Apart (mart at degeneration.co.uk)
> * David Recordon, Six Apart (drecordon at sixapart.com)
>
> [1]http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list