[OIDFSC] OpenID v.Next Discovery Working Group Proposal

Phillip Hallam-Baker hallam at gmail.com
Tue May 25 12:17:15 UTC 2010 

Why not just copy the scheme that the W3C uses?

They have an issue tracker and a bunch of other stuff and I am pretty
sure it is all based on open source. The only part that isn't is their
conference bridge with an IRC interface which is really cool but
requires a commercial bridge.

Now if someone did that in Asterisk...


2010/5/25 Nat Sakimura <n-sakimura at nri.co.jp>:
> >From the "commoner's" perspective, hg.openid.net and bitbucket.org/openid
> is somewhat different. Whether "openid" is in the "authority" segment or not
> makes the difference.
>
> For tools, wiki is sub-optimal for issue tracking. For that matter, I agree
> that bitbucket.org's issue tracking neither comes to my expectation, but at
> least, I would not have to set a server up or create new identity. I can
> reuse my openid.
>
> Ideally, it should be something that allows us to:
>
> - Use OpenID to login
> - Track the changes.
> - Issue should be assigned
>   - the expected end date
>   - person in charge
>   - status
>
> This will greately simplify our lives. Wiki is not so good for these when
> many issues starts to accumulate. FYI, I use redmine for my day job projects
> and are fairly good, but it is not a hosted solution.
>
> =nat
>
> (2010/05/25 13:05), David Recordon wrote:
>
> Or continue using BitBucket without a custom domain. I'm all for tools, but
> mercurial.openid.net versus bitbucket.com/openid doesn't feel like a large
> difference.
>
> On Mon, May 24, 2010 at 9:09 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>
>> While I am a fan of using tools to simplify our lives, I am concerned that
>> we have setup a number of tools that seemed like a good idea and did not get
>> utilized.
>> I am fearful that community members will spend time on a new tool, only to
>> be disappointed in lack of use.
>>
>> How about we just use the wiki we have now to create a document we can all
>> edit?
>>
>> -- Dick
>>
>> On 2010-05-24, at 7:24 PM, Nat Sakimura wrote:
>>
>> > There are various plans, but since OIDF is primarily operating in
>> > public,
>> > I should think that "Amateur" plan would suffice. It is US$5/mo.
>> > The limitation is that it can only have one private repository,
>> > but that should be ok.
>> >
>> > =nat
>> >
>> > (2010/05/25 1:56), Brian Kissel wrote:
>> >> What is the cost? The Tech Committee has some budget.
>> >>
>> >> Cheers,
>> >>
>> >> Brian
>> >> ___________
>> >>
>> >> Brian Kissel
>> >> CEO - JanRain, Inc.
>> >> bkissel at janrain.com
>> >> Mobile: 503.342.2668 | Fax: 503.296.5502
>> >> 519 SW 3rd Ave. Suite 600  Portland, OR 97204
>> >>
>> >> Increase registrations, engage users, and grow your brand with RPX.
>> >>  Learn
>> >> more at www.rpxnow.com
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: openid-specs-bounces at lists.openid.net
>> >> [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of Nat
>> >> Sakimura
>> >> Sent: Monday, May 24, 2010 8:05 AM
>> >> To: Johannes Ernst
>> >> Cc: OpenID Specs Mailing List
>> >> Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal
>> >>
>> >> Good idea.
>> >>
>> >> I can setup a project under bitbucket.org/openid/ (shall we upgrade to
>> >> non-free version
>> >> so that we get it under openid.net?) and it has a rudimentary bug
>> >> tracking system.
>> >> It can be used by logging in by OpenID.
>> >>
>> >> =nat
>> >>
>> >> On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst
>> >> <jernst+openid.net at netmesh.us>  wrote:
>> >>
>> >>> Allen, combining what you just wrote with what Brian said on the board
>> >>> mailing list about MRDs -- perhaps it would make sense to set up a
>> >>> "bug
>> >>> tracking system" of some kind and use that to drive spec evolution?
>> >>> On May 23, 2010, at 18:56, Allen Tom wrote:
>> >>>
>> >>> Hi Johannes,
>> >>>
>> >>> There isn't a document summarizing the deficiencies with OpenID 2.0
>> >>> discovery - I think it would be very useful for the WG and for the
>> >>>
>> >> Community
>> >>
>> >>> if we wrote this down
>> >>>
>> >>> Off the top of my head, some of the problems are:
>> >>>
>> >>> Yadis discovery is very vague as to exactly how the RP is supposed to
>> >>>
>> >> fetch
>> >>
>> >>> the OP's discovery document. Should it send the magic Accept header?
>> >>>
>> >> Look
>> >>
>> >>> for the X-XRDS-Location header in the response? Do HTML discovery? In
>> >>> practice, many implementers have had problems implementing discovery
>> >>>
>> >> because
>> >>
>> >>> there are too many ways to do it
>> >>> Speaking of Yadis, the specs need to be revised, and it's unclear how
>> >>> to
>> >>>
>> >> go
>> >>
>> >>> about doing this
>> >>> Because a compromised discovery document can result in the complete
>> >>> breakdown in OpenID security - it's important that we find ways to
>> >>>
>> >> increase
>> >>
>> >>> the security of discovery - perhaps it can be signed? Moved into DNS?
>> >>> Discovery is hard to implement - the majority of the code in OpenID
>> >>> libraries is to implement discovery. We can probably simplify
>> >>> discovery
>> >>>
>> >> to
>> >>
>> >>> require less code to implement
>> >>> Delegation is a really useful feature in OpenID - it was pretty
>> >>> straightforward in OpenID 1.1, but is very confusing (to say the
>> >>> least)
>> >>>
>> >> in
>> >>
>> >>> OpenID 2.0 - we can probably do something in discovery to make
>> >>>
>> >> delegation
>> >>
>> >>> work better
>> >>> The infamous NASCAR problem could possibly be helped by discovery
>> >>> The infamous phishing problem could also possibly be helped by
>> >>> discovery
>> >>> LRDD, host-meta, and webfinger are pretty interesting - we should see
>> >>>
>> >> how
>> >>
>> >>> OpenID can leverage these new specs
>> >>>
>> >>> I'm sure that there are more issues with OpenID 2.0 discovery. Anyone
>> >>>
>> >> else
>> >>
>> >>> want to take a stab at it?
>> >>>
>> >>> Allen
>> >>>
>> >>>
>> >>> On 5/21/10 7:55 PM, "Johannes Ernst"<jernst+openid.net at netmesh.us>
>> >>>
>> >> wrote:
>> >>
>> >>> On May 21, 2010, at 19:28, Allen Tom wrote:
>> >>>
>> >>> ... there's universal consensus that the existing OpenID 2.0 discovery
>> >>> mechanism is very deficient ...
>> >>>
>> >>> Is there a summary somewhere of this "universal consensus" of
>> >>>
>> >> deficiencies?
>> >>
>> >>> Thanks,
>> >>>
>> >>>
>> >>> Johannes Ernst
>> >>> NetMesh Inc.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> specs mailing list
>> >>> specs at lists.openid.net
>> >>> http://lists.openid.net/mailman/listinfo/openid-specs
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >
>> >
>> > --
>> > Nat Sakimura (n-sakimura at nri.co.jp)
>> > Nomura Research Institute, Ltd.
>> > Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>> >
>> > 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の
>> > 開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受
>> > 信されたメールを削除していただきますようお願い致します。
>> > PLEASE READ:
>> > The information contained in this e-mail is confidential and intended
>> > for the named recipient(s) only.
>> > If you are not an intended recipient of this e-mail, you are hereby
>> > notified that any review, dissemination, distribution or duplication of this
>> > message is strictly prohibited. If you have received this message in error,
>> > please notify the sender immediately and delete your copy from your system.
>> >
>> >
>> > _______________________________________________
>> > specs mailing list
>> > specs at lists.openid.net
>> > http://lists.openid.net/mailman/listinfo/openid-specs
>>
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
>
> --
> Nat Sakimura (n-sakimura at nri.co.jp)
> Nomura Research Institute, Ltd.
> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>
> 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
> PLEASE READ:
> The information contained in this e-mail is confidential and intended for
> the named recipient(s) only.
> If you are not an intended recipient of this e-mail, you are hereby notified
> that any review, dissemination, distribution or duplication of this message
> is strictly prohibited. If you have received this message in error, please
> notify the sender immediately and delete your copy from your system.
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>



-- 
Website: http://hallambaker.com/

More information about the specs mailing list