Draft OpenID v.Next Discovery working group charter

SitG Admin sysadmin at shadowsinthegarden.com
Thu Apr 15 00:36:45 UTC 2010


>Shade, is there specific language that you would like in the charter?

I *would* like to see OpenID open to more than one discovery 
mechanism; you already have this outlined in the charter ("or family 
of discovery specifications").

The point Phillip made (that drew my attention to this thread) was 
about DNS support for fitting into the internet architecture, but 
other discovery methods being "in addition to" DNS; since DNS has 
been supporting the browser redirects OpenID uses for discovery so 
far (not RPs discovering OPs, but users aren't redirected to an IP 
address), it seems to be that the charter directs its WG to come up 
with a viable alternative to DNS.

Is the non-goal of v2.0 compatibility an abdication to another WG, or 
is OpenID v.Next intended to be a complete replacement for OpenID 
v2.0?

I think that requiring IDPs to be able to adjust (and, requisitely, 
*have*) SRV records restricts ordinary users from being able to 
create/control their own URI endpoints; if the user is to have any 
power in this regard, *they* should be able to declare that their IDP 
is reliable enough *for them*. Not trusting it would be RP's choice, 
not a restriction of the spec.

I do not want to see OpenID reliant upon the centralized DNS system. 
If it bootstraps from there and then switches to Web of Trust, 
ambivalence; if it can try alternate DNS systems (*cough* Tor) 
instead / alternatively / in parallel, happiness. I would 
conditionally extend that, *if* DNS support is written into the 
charter, I would like it to be treated no differently from other 
discovery methods.

-Shade

