Requirements discussion of OpenID Future

Anthony Nadalin tonynad at microsoft.com
Wed Jun 23 06:03:24 UTC 2010


> 9) Higher LOA -According to John Bradley, 90% of the work required to implement higher LOA is already in OAuth2

So OAuth doesn't accommodate for multi-leg issuance (both for the access grant and the access request). This may be an issue as some tokens could be provisioned out-of-band, also may need  write a new profile defining efficient encoding for token format (e.g., to simplify parsing and include them in URLs). So I don't think that this is a done deal and this would mean getting this work done now in OAuth

-----Original Message-----
From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of Allen Tom
Sent: Monday, June 21, 2010 6:58 PM
To: OpenID Specs Mailing List
Subject: Requirements discussion of OpenID Future

Hi All,

There¹s been a lot of discussion the past few weeks around specific technical proposals focused on moving OpenID forward. We wanted to take a step back and make sure that we understand the problems that there are broad consensus around solving over the next six to nine months. While there has also been some discussion around use cases and charters, there hasn¹t yet been broad consensus.

Today Yahoo!, Google, and Facebook met with some of the authors of Artifact Binding, the OpenID Connect proposal, and OAuth 2.0 to discuss our specific future requirements.  We put together a summary document of 20+ items that we would like to see and wanted to start a discussion around them.  Today helped to verify our instinct that we could achieve these OpenID goals by layering features on top of OAuth 2.0 while specifically maintaining the decentralized nature of OpenID.

After this discussion it seems that the Connect work group charter can encompass this work and thus provides a mailing list and IPR policy to work on these items. Facebook, Google, and Yahoo! expect to be able to sign the contributor agreements for the OpenID Connect working group relatively soon.

We hope that other OpenID community members and organizations will provide feedback on how this list compares to their needs and/or get involved in flushing out the technical details.

Here's the list of features that we would like to see implemented in a future version of OpenID:

http://wiki.openid.net/Future-OpenID-Technical-Requirements

Feedback and discussion is more than welcome!

Allen

_______________________________________________
specs mailing list
specs at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs



More information about the specs mailing list