[OIDFSC] OpenID v.Next Discovery Working Group Proposal

Nat Sakimura n-sakimura at nri.co.jp
Tue May 25 12:21:19 UTC 2010


Is there a free hosting service for that? That seems to be the biggest
difference here.

=nat

2010/5/25 Phillip Hallam-Baker <hallam at gmail.com>:
> Why not just copy the scheme that the W3C uses?
>
> They have an issue tracker and a bunch of other stuff and I am pretty
> sure it is all based on open source. The only part that isn't is their
> conference bridge with an IRC interface which is really cool but
> requires a commercial bridge.
>
> Now if someone did that in Asterisk...
>
>
> 2010/5/25 Nat Sakimura <n-sakimura at nri.co.jp>:
>> >From the "commoner's" perspective, hg.openid.net and bitbucket.org/openid
>> is somewhat different. Whether "openid" is in the "authority" segment or not
>> makes the difference.
>>
>> For tools, wiki is sub-optimal for issue tracking. For that matter, I agree
>> that bitbucket.org's issue tracking neither comes to my expectation, but at
>> least, I would not have to set a server up or create new identity. I can
>> reuse my openid.
>>
>> Ideally, it should be something that allows us to:
>>
>> - Use OpenID to login
>> - Track the changes.
>> - Issue should be assigned
>>   - the expected end date
>>   - person in charge
>>   - status
>>
>> This will greately simplify our lives. Wiki is not so good for these when
>> many issues starts to accumulate. FYI, I use redmine for my day job projects
>> and are fairly good, but it is not a hosted solution.
>>
>> =nat
>>
>> (2010/05/25 13:05), David Recordon wrote:
>>
>> Or continue using BitBucket without a custom domain. I'm all for tools, but
>> mercurial.openid.net versus bitbucket.com/openid doesn't feel like a large
>> difference.
>>
>> On Mon, May 24, 2010 at 9:09 PM, Dick Hardt <dick.hardt at gmail.com> wrote:
>>>
>>> While I am a fan of using tools to simplify our lives, I am concerned that
>>> we have setup a number of tools that seemed like a good idea and did not get
>>> utilized.
>>> I am fearful that community members will spend time on a new tool, only to
>>> be disappointed in lack of use.
>>>
>>> How about we just use the wiki we have now to create a document we can all
>>> edit?
>>>
>>> -- Dick
>>>
>>> On 2010-05-24, at 7:24 PM, Nat Sakimura wrote:
>>>
>>> > There are various plans, but since OIDF is primarily operating in
>>> > public,
>>> > I should think that "Amateur" plan would suffice. It is US$5/mo.
>>> > The limitation is that it can only have one private repository,
>>> > but that should be ok.
>>> >
>>> > =nat
>>> >
>>> > (2010/05/25 1:56), Brian Kissel wrote:
>>> >> What is the cost? The Tech Committee has some budget.
>>> >>
>>> >> Cheers,
>>> >>
>>> >> Brian
>>> >> ___________
>>> >>
>>> >> Brian Kissel
>>> >> CEO - JanRain, Inc.
>>> >> bkissel at janrain.com
>>> >> Mobile: 503.342.2668 | Fax: 503.296.5502
>>> >> 519 SW 3rd Ave. Suite 600  Portland, OR 97204
>>> >>
>>> >> Increase registrations, engage users, and grow your brand with RPX.
>>> >>  Learn
>>> >> more at www.rpxnow.com
>>> >>
>>> >>
>>> >> -----Original Message-----
>>> >> From: openid-specs-bounces at lists.openid.net
>>> >> [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of Nat
>>> >> Sakimura
>>> >> Sent: Monday, May 24, 2010 8:05 AM
>>> >> To: Johannes Ernst
>>> >> Cc: OpenID Specs Mailing List
>>> >> Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal
>>> >>
>>> >> Good idea.
>>> >>
>>> >> I can setup a project under bitbucket.org/openid/ (shall we upgrade to
>>> >> non-free version
>>> >> so that we get it under openid.net?) and it has a rudimentary bug
>>> >> tracking system.
>>> >> It can be used by logging in by OpenID.
>>> >>
>>> >> =nat
>>> >>
>>> >> On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst
>>> >> <jernst+openid.net at netmesh.us>  wrote:
>>> >>
>>> >>> Allen, combining what you just wrote with what Brian said on the board
>>> >>> mailing list about MRDs -- perhaps it would make sense to set up a
>>> >>> "bug
>>> >>> tracking system" of some kind and use that to drive spec evolution?
>>> >>> On May 23, 2010, at 18:56, Allen Tom wrote:
>>> >>>
>>> >>> Hi Johannes,
>>> >>>
>>> >>> There isn't a document summarizing the deficiencies with OpenID 2.0
>>> >>> discovery - I think it would be very useful for the WG and for the
>>> >>>
>>> >> Community
>>> >>
>>> >>> if we wrote this down
>>> >>>
>>> >>> Off the top of my head, some of the problems are:
>>> >>>
>>> >>> Yadis discovery is very vague as to exactly how the RP is supposed to
>>> >>>
>>> >> fetch
>>> >>
>>> >>> the OP's discovery document. Should it send the magic Accept header?
>>> >>>
>>> >> Look
>>> >>
>>> >>> for the X-XRDS-Location header in the response? Do HTML discovery? In
>>> >>> practice, many implementers have had problems implementing discovery
>>> >>>
>>> >> because
>>> >>
>>> >>> there are too many ways to do it
>>> >>> Speaking of Yadis, the specs need to be revised, and it's unclear how
>>> >>> to
>>> >>>
>>> >> go
>>> >>
>>> >>> about doing this
>>> >>> Because a compromised discovery document can result in the complete
>>> >>> breakdown in OpenID security - it's important that we find ways to
>>> >>>
>>> >> increase
>>> >>
>>> >>> the security of discovery - perhaps it can be signed? Moved into DNS?
>>> >>> Discovery is hard to implement - the majority of the code in OpenID
>>> >>> libraries is to implement discovery. We can probably simplify
>>> >>> discovery
>>> >>>
>>> >> to
>>> >>
>>> >>> require less code to implement
>>> >>> Delegation is a really useful feature in OpenID - it was pretty
>>> >>> straightforward in OpenID 1.1, but is very confusing (to say the
>>> >>> least)
>>> >>>
>>> >> in
>>> >>
>>> >>> OpenID 2.0 - we can probably do something in discovery to make
>>> >>>
>>> >> delegation
>>> >>
>>> >>> work better
>>> >>> The infamous NASCAR problem could possibly be helped by discovery
>>> >>> The infamous phishing problem could also possibly be helped by
>>> >>> discovery
>>> >>> LRDD, host-meta, and webfinger are pretty interesting - we should see
>>> >>>
>>> >> how
>>> >>
>>> >>> OpenID can leverage these new specs
>>> >>>
>>> >>> I'm sure that there are more issues with OpenID 2.0 discovery. Anyone
>>> >>>
>>> >> else
>>> >>
>>> >>> want to take a stab at it?
>>> >>>
>>> >>> Allen
>>> >>>
>>> >>>
>>> >>> On 5/21/10 7:55 PM, "Johannes Ernst"<jernst+openid.net at netmesh.us>
>>> >>>
>>> >> wrote:
>>> >>
>>> >>> On May 21, 2010, at 19:28, Allen Tom wrote:
>>> >>>
>>> >>> ... there's universal consensus that the existing OpenID 2.0 discovery
>>> >>> mechanism is very deficient ...
>>> >>>
>>> >>> Is there a summary somewhere of this "universal consensus" of
>>> >>>
>>> >> deficiencies?
>>> >>
>>> >>> Thanks,
>>> >>>
>>> >>>
>>> >>> Johannes Ernst
>>> >>> NetMesh Inc.
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> specs mailing list
>>> >>> specs at lists.openid.net
>>> >>> http://lists.openid.net/mailman/listinfo/openid-specs
>>> >>>
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > Nat Sakimura (n-sakimura at nri.co.jp)
>>> > Nomura Research Institute, Ltd.
>>> > Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>>> >
>>> > 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の
>>> > 開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受
>>> > 信されたメールを削除していただきますようお願い致します。
>>> > PLEASE READ:
>>> > The information contained in this e-mail is confidential and intended
>>> > for the named recipient(s) only.
>>> > If you are not an intended recipient of this e-mail, you are hereby
>>> > notified that any review, dissemination, distribution or duplication of this
>>> > message is strictly prohibited. If you have received this message in error,
>>> > please notify the sender immediately and delete your copy from your system.
>>> >
>>> >
>>> > _______________________________________________
>>> > specs mailing list
>>> > specs at lists.openid.net
>>> > http://lists.openid.net/mailman/listinfo/openid-specs
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs
>>
>>
>>
>> --
>> Nat Sakimura (n-sakimura at nri.co.jp)
>> Nomura Research Institute, Ltd.
>> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>>
>> 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
>> PLEASE READ:
>> The information contained in this e-mail is confidential and intended for
>> the named recipient(s) only.
>> If you are not an intended recipient of this e-mail, you are hereby notified
>> that any review, dissemination, distribution or duplication of this message
>> is strictly prohibited. If you have received this message in error, please
>> notify the sender immediately and delete your copy from your system.
>>
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs
>>
>>
>
>
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en


More information about the specs mailing list