Draft OpenID v.Next Discovery working group charter

SitG Admin sysadmin at shadowsinthegarden.com
Fri Apr 16 15:06:36 UTC 2010


>Let's look at the complete SRV record:
>
>_openid._tcp            IN      SRV     0 0 8080 openid.example.com.
>
>We have a machine name, but what is the URL to the endpoint for logging in?
>What is the user's OpenID URI?

I think Phillip is proposing a discovery chain - more opportunities 
for other parties to step in (at their layer) and take control, more 
points of failure if vulnerabilities are discovered in each protocol 
- and to be fair, DNS is *already* such a layer. OpenID relies on it.

-Shade


More information about the specs mailing list