Artifact Binding Charter OK?

[Allen Tom]

Not just mobile devices have problems with large payloads, even regular
desktop browsers have problems with URLs over 2KB.

Is the assumption that Artifact Binding will be compatible with all the
existing extensions ­ including PAPE, AX, SREG, User Inteface, and Hybrid?

Allen



On 11/21/09 4:54 PM, "Dick Hardt" <Dick.Hardt at microsoft.com> wrote:

> Hi Nat, here is some suggested rewording of the charter, feel free to use,
> change. modify or discard:
> 
> 
> II. Statement of Purpose
> Produce an OpenID specification that enables large payloads to move directly
> between the RP and OP. This will address bandwidth and payload limits for
> mobile devices.
> 
> III. Scope
> Develop a mechanism for an RP and OP to communicate large payloads directly
> and securely after the transaction has been initiated and approved by the user
> at their device.
> 
> Original:
> 
> II. Statement of Purpose
> Produce a binding of OpenID requests and response (assertion) that uses direct
> communication for main payload and indirect communication for a small
> reference data called Artifact to cope with long URL limits experienced by man
> 
> III. Scope
> Create the Artifact Binding to support the identified needs. Currently
> identified: 
> * Cope with long url problem, especially for mobile browsers.
> * Cope with the security problems of non-encrypted payload to go through the
> user agents which may act as a man-in-the-middle.
> 
> On 2009-11-20, at 6:05 PM, Nat Sakimura wrote:
> 
>> Hi 
>> 
>> The other thread almost got entirely on AX, but in the first post, there was
>> a link to Artifact Binding as well.
>> Does the artifact binding charter sounds ok to you?
>> 
>> http://wiki.openid.net/Artifact_Binding

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20091122/0e5bc8f9/attachment.htm>