Are the Discovery Components Done Enough? (Fwd: [security] OpenID Security Best Practices Doc)

David Recordon david at sixapart.com
Tue Jun 9 22:05:26 UTC 2009 

Hey Breno,
I think this is a good point and judging from this thread already,  
there seems to be a group of people really interested in working on  
discovery for OpenID.  If we can frame the working group in the right  
way (David Fuelling framed it well as "I guess I'm more of the opinion  
that the 2.1 Discovery WG is going to produce a "guidance document"  
about 2.1 Discovery") then I think it should be a good thing.  That  
said, let's do a really good job of defining the goals.

I'll spend some time going over the wiki page WG proposal this week.

--David

On Jun 9, 2009, at 2:15 PM, Breno de Medeiros wrote:

> And I agree with you. My view is that in the absence of an OpenID  
> discovery WG there will be _more_ uncertainty about future  
> directions for the spec, not less.
>
> On Tue, Jun 9, 2009 at 2:13 PM, David Fuelling <sappenin at gmail.com>  
> wrote:
> On Tue, Jun 9, 2009 at 7:09 PM, Breno de Medeiros <breno at google.com>  
> wrote:
> If we start the process to form a WG for discovery now, most likely  
> the process would only be completed in 6 months, even if there was  
> considerable agreement and stable technologies to draw from.
>
> Right now, there is quite a bit of momentum and excitement about  
> Webfinger.  The XRI TC is hoping to publish draft specs for XRD  
> withing the next 30 days. Concurrently, and in particular after  
> that, it is hoped that progress on webfinger will be speedy.  
> Webfinger spec discussion may take place at either XRI TC or IETF.
>
> Even if webfinger does become its own spec, I'm not confident it  
> will be end up looking the same in the context of OpenID (there are  
> thorny issues like Authority to contend with: e.g., what system is  
> the meta-data authority for an email address?   DNS? Web (Host- 
> meta?)? Both?  Something-else?
>
> I guess my opinion is that this work needs to happen in both places,  
> so why not start it here as well.
>
> Should we just start responding to all threads about OpenID 2.x  
> discovery by saying that the discussion is taking place at some  
> other mailing list?
>
> Last point to reiterate: There are a lot of Discovery issues besides  
> email addresses and XRD.  See the wiki for more.
>
>
>
>
>
> -- 
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20090609/3b19052b/attachment.htm>

More information about the specs mailing list