Are the Discovery Components Done Enough? (Fwd: [security] OpenID Security Best Practices Doc)

David Fuelling sappenin at gmail.com
Tue Jun 9 21:13:31 UTC 2009


On Tue, Jun 9, 2009 at 7:09 PM, Breno de Medeiros <breno at google.com> wrote:

> If we start the process to form a WG for discovery now, most likely the
> process would only be completed in 6 months, even if there was considerable
> agreement and stable technologies to draw from.
>
> Right now, there is quite a bit of momentum and excitement about
> Webfinger.  The XRI TC is hoping to publish draft specs for XRD within the
> next 30 days. Concurrently, and in particular after that, it is hoped that
> progress on webfinger will be speedy. Webfinger spec discussion may take
> place at either XRI TC or IETF.
>

Even if webfinger does become its own spec, I'm not confident it will end
up looking the same in the context of OpenID (there are thorny issues like
Authority to contend with: e.g., what system is the meta-data authority for
an email address? DNS? Web (Host-meta?)? Both? Something-else?).

I guess my opinion is that this work needs to happen in both places, so why
not start it here as well.

> Should we just start responding to all threads about OpenID 2.x discovery by
> saying that the discussion is taking place at some other mailing list?


Last point to reiterate: There are a lot of Discovery issues besides email
addresses and XRD.  See the wiki for more.