Draft OpenID v.Next Discovery working group charter
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Apr 16 15:06:36 UTC 2010
>Let's look at the complete SRV record:
>
>_openid._tcp IN SRV 0 0 8080 openid.example.com.
>
>We have a machine name, but what is the URL to the endpoint for logging in?
>What is the user's OpenID URI?
I think Phillip is proposing a discovery chain - more opportunities
for other parties to step in (at their layer) and take control, more
points of failure if vulnerabilities are discovered in each protocol
- and to be fair, DNS is *already* such a layer. OpenID relies on it.
-Shade
More information about the specs
mailing list