Connect spec updated

Paul E. Jones paulej at packetizer.com
Mon May 24 02:03:08 UTC 2010


I fully agree with what you said.  In my opinion, it's the fact that OpenID
standards have not changed substantially in three years that has led to wide
(and growing) adoption.  We need something stable and I, for one, appreciate
that OpenID has been stable.

I'm not opposed to introducing new features, but I do think we need to
ensure we don't break existing deployments.

Paul

> -----Original Message-----
> From: openid-specs-bounces at lists.openid.net [mailto:openid-specs-
> bounces at lists.openid.net] On Behalf Of Pid
> Sent: Wednesday, May 19, 2010 6:11 AM
> To: OpenID Specs
> Subject: Re: Connect spec updated
> 
> On 19/05/2010 09:51, Santosh Rajan wrote:
> > " welcome anyone new into this community" is about offering something
> > new for anybody, frequently. Any marketing person will tell you that.
> > According to your own admission OpenID has not offered a new protocol
> > version 2007. So please do not cast aspersions in the wrong
> direction.
> 
> I *am* new around here and I'm trying to get up to speed with the state
> of play.  I would find it easier to comprehend the suggestions being
> discussed if there was slightly less background noise.
> 
> A community supporting a mature standard or product need not offer new
> things regularly as long as it can support the inquiries of new
> members.
> 
> I think it would be unusual to churn out new specs constantly just to
> keep new community members interested.  This is not an environment
> that's comparable to an online shop.
> 
> 
> $0.02
> 
> 
> p
> 
> 
> 
> > On Wed, May 19, 2010 at 1:50 PM, David Recordon <recordond at gmail.com
> > <mailto:recordond at gmail.com>> wrote:
> >
> >     Replying with "bullshit" isn't going to welcome anyone new into
> this
> >     community. Please stop doing this; you've been asked many times.
> >
> >     Yes, we should increase the involvement of browser vendors and
> it's
> >     great seeing the work that's happening around FireFox. I plan to
> >     track down that team tomorrow and get a better understanding of
> what
> >     browser-based APIs they're proposing and what information
> websites
> >     need to advertise to browsers.
> >
> >     --David
> >
> >
> >     On Wed, May 19, 2010 at 1:12 AM, Santosh Rajan
> <santrajan at gmail.com
> >     <mailto:santrajan at gmail.com>> wrote:
> >
> >         HA! BullShit!
> >
> >         You know what?. I am beginning to believe that we need get
> the
> >         browser vendors to the OpenID community. Yes Google and
> >         Microsoft are already here, but i don't think they are here
> in
> >         the capacity of "browser vendors". We also need the mozilla,
> >         opera, safari guys.
> >
> >         And Mozilla has really been doing some good work in this
> area.
> >         Here is a link.
> >
> >
> https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Late
> > st
> >
> >
> >
> <https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Lat
> > est>
> >
> >         On Wed, May 19, 2010 at 1:25 PM, David Recordon
> >         <recordond at gmail.com <mailto:recordond at gmail.com>> wrote:
> >
> >             Coming out of some conversations at IIW today I've made
> some
> >             changes to the proposal. Patch is attached, but they are:
> >              - Allow passing in `user_id` as a hint when not using
> >             immediate mode in the request.
> >              - Continue to allow users to enter URLs, email
> addresses,
> >             and click buttons but the returned user identifier must
> be a
> >             HTTPS URI.
> >              - Include the expiration time within the signature.
> >              - Clarify how you verify if the token endpoint is
> >             authoritative for a given user identifier.
> >              - Simplify discovery by removing LRDD and using host-
> meta
> >             to determine the server token endpoint on a per domain
> (or
> >             sub-domain) basis. We're having a hard time finding use
> >             cases of running multiple different OpenID servers per
> domain.
> >              - Remove the separate user info API endpoint and instead
> >             make the user identifiers a protected resource. Fetch the
> >             user identifier with an access token and it returns basic
> >             profile information as well as if the access token was
> >             issued by that specific user.
> >
> >             Thanks for all of the feedback and support both virtually
> >             and in person! I'm planning to move this proposal into
> >             GitHub next week (and work with Eran to actually format
> it
> >             like a spec) so that changes are easier to keep track of.
> >
> >             --David
> >
> >             _______________________________________________
> >             specs mailing list
> >             specs at lists.openid.net <mailto:specs at lists.openid.net>
> >             http://lists.openid.net/mailman/listinfo/openid-specs
> >
> >
> >
> >
> >         --
> >         http://hi.im/santosh
> >
> >
> >
> >
> >
> >
> > --
> > http://hi.im/santosh
> >
> >
> >
> >
> > _______________________________________________
> > specs mailing list
> > specs at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs
> 




More information about the specs mailing list