[OIDFSC] OpenID v.Next Discovery Working Group Proposal

Nate Benes natebenes at gmail.com
Tue May 25 12:25:01 UTC 2010


The github issue tracker works a little better.  Or if we wanted to roll our
own, we might be able to get in touch with the folks at OSUOSL.

Nate

2010/5/25 Nat Sakimura <n-sakimura at nri.co.jp>

> Is there a free hosting service for that? That seems to be the biggest
> difference here.
>
> =nat
>
> 2010/5/25 Phillip Hallam-Baker <hallam at gmail.com>:
> > Why not just copy the scheme that the W3C uses?
> >
> > They have an issue tracker and a bunch of other stuff and I am pretty
> > sure it is all based on open source. The only part that isn't is their
> > conference bridge with an IRC interface which is really cool but
> > requires a commercial bridge.
> >
> > Now if someone did that in Asterisk...
> >
> >
> > 2010/5/25 Nat Sakimura <n-sakimura at nri.co.jp>:
> >> >From the "commoner's" perspective, hg.openid.net and
> bitbucket.org/openid
> >> is somewhat different. Whether "openid" is in the "authority" segment or
> not
> >> makes the difference.
> >>
> >> For tools, wiki is sub-optimal for issue tracking. For that matter, I
> agree
> >> that bitbucket.org's issue tracking neither comes to my expectation,
> but at
> >> least, I would not have to set a server up or create new identity. I can
> >> reuse my openid.
> >>
> >> Ideally, it should be something that allows us to:
> >>
> >> - Use OpenID to login
> >> - Track the changes.
> >> - Issue should be assigned
> >>   - the expected end date
> >>   - person in charge
> >>   - status
> >>
> >> This will greately simplify our lives. Wiki is not so good for these
> when
> >> many issues starts to accumulate. FYI, I use redmine for my day job
> projects
> >> and are fairly good, but it is not a hosted solution.
> >>
> >> =nat
> >>
> >> (2010/05/25 13:05), David Recordon wrote:
> >>
> >> Or continue using BitBucket without a custom domain. I'm all for tools,
> but
> >> mercurial.openid.net versus bitbucket.com/openid doesn't feel like a
> large
> >> difference.
> >>
> >> On Mon, May 24, 2010 at 9:09 PM, Dick Hardt <dick.hardt at gmail.com>
> wrote:
> >>>
> >>> While I am a fan of using tools to simplify our lives, I am concerned
> that
> >>> we have setup a number of tools that seemed like a good idea and did
> not get
> >>> utilized.
> >>> I am fearful that community members will spend time on a new tool, only
> to
> >>> be disappointed in lack of use.
> >>>
> >>> How about we just use the wiki we have now to create a document we can
> all
> >>> edit?
> >>>
> >>> -- Dick
> >>>
> >>> On 2010-05-24, at 7:24 PM, Nat Sakimura wrote:
> >>>
> >>> > There are various plans, but since OIDF is primarily operating in
> >>> > public,
> >>> > I should think that "Amateur" plan would suffice. It is US$5/mo.
> >>> > The limitation is that it can only have one private repository,
> >>> > but that should be ok.
> >>> >
> >>> > =nat
> >>> >
> >>> > (2010/05/25 1:56), Brian Kissel wrote:
> >>> >> What is the cost? The Tech Committee has some budget.
> >>> >>
> >>> >> Cheers,
> >>> >>
> >>> >> Brian
> >>> >> ___________
> >>> >>
> >>> >> Brian Kissel
> >>> >> CEO - JanRain, Inc.
> >>> >> bkissel at janrain.com
> >>> >> Mobile: 503.342.2668 | Fax: 503.296.5502
> >>> >> 519 SW 3rd Ave. Suite 600  Portland, OR 97204
> >>> >>
> >>> >> Increase registrations, engage users, and grow your brand with RPX.
> >>> >>  Learn
> >>> >> more at www.rpxnow.com
> >>> >>
> >>> >>
> >>> >> -----Original Message-----
> >>> >> From: openid-specs-bounces at lists.openid.net
> >>> >> [mailto:openid-specs-bounces at lists.openid.net] On Behalf Of Nat
> >>> >> Sakimura
> >>> >> Sent: Monday, May 24, 2010 8:05 AM
> >>> >> To: Johannes Ernst
> >>> >> Cc: OpenID Specs Mailing List
> >>> >> Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal
> >>> >>
> >>> >> Good idea.
> >>> >>
> >>> >> I can setup a project under bitbucket.org/openid/ (shall we upgrade
> to
> >>> >> non-free version
> >>> >> so that we get it under openid.net?) and it has a rudimentary bug
> >>> >> tracking system.
> >>> >> It can be used by logging in by OpenID.
> >>> >>
> >>> >> =nat
> >>> >>
> >>> >> On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst
> >>> >> <jernst+openid.net at netmesh.us>  wrote:
> >>> >>
> >>> >>> Allen, combining what you just wrote with what Brian said on the
> board
> >>> >>> mailing list about MRDs -- perhaps it would make sense to set up a
> >>> >>> "bug
> >>> >>> tracking system" of some kind and use that to drive spec evolution?
> >>> >>> On May 23, 2010, at 18:56, Allen Tom wrote:
> >>> >>>
> >>> >>> Hi Johannes,
> >>> >>>
> >>> >>> There isn't a document summarizing the deficiencies with OpenID 2.0
> >>> >>> discovery - I think it would be very useful for the WG and for the
> >>> >>>
> >>> >> Community
> >>> >>
> >>> >>> if we wrote this down
> >>> >>>
> >>> >>> Off the top of my head, some of the problems are:
> >>> >>>
> >>> >>> Yadis discovery is very vague as to exactly how the RP is supposed
> to
> >>> >>>
> >>> >> fetch
> >>> >>
> >>> >>> the OP's discovery document. Should it send the magic Accept
> header?
> >>> >>>
> >>> >> Look
> >>> >>
> >>> >>> for the X-XRDS-Location header in the response? Do HTML discovery?
> In
> >>> >>> practice, many implementers have had problems implementing
> discovery
> >>> >>>
> >>> >> because
> >>> >>
> >>> >>> there are too many ways to do it
> >>> >>> Speaking of Yadis, the specs need to be revised, and it's unclear
> how
> >>> >>> to
> >>> >>>
> >>> >> go
> >>> >>
> >>> >>> about doing this
> >>> >>> Because a compromised discovery document can result in the complete
> >>> >>> breakdown in OpenID security - it's important that we find ways to
> >>> >>>
> >>> >> increase
> >>> >>
> >>> >>> the security of discovery - perhaps it can be signed? Moved into
> DNS?
> >>> >>> Discovery is hard to implement - the majority of the code in OpenID
> >>> >>> libraries is to implement discovery. We can probably simplify
> >>> >>> discovery
> >>> >>>
> >>> >> to
> >>> >>
> >>> >>> require less code to implement
> >>> >>> Delegation is a really useful feature in OpenID - it was pretty
> >>> >>> straightforward in OpenID 1.1, but is very confusing (to say the
> >>> >>> least)
> >>> >>>
> >>> >> in
> >>> >>
> >>> >>> OpenID 2.0 - we can probably do something in discovery to make
> >>> >>>
> >>> >> delegation
> >>> >>
> >>> >>> work better
> >>> >>> The infamous NASCAR problem could possibly be helped by discovery
> >>> >>> The infamous phishing problem could also possibly be helped by
> >>> >>> discovery
> >>> >>> LRDD, host-meta, and webfinger are pretty interesting - we should
> see
> >>> >>>
> >>> >> how
> >>> >>
> >>> >>> OpenID can leverage these new specs
> >>> >>>
> >>> >>> I'm sure that there are more issues with OpenID 2.0 discovery.
> Anyone
> >>> >>>
> >>> >> else
> >>> >>
> >>> >>> want to take a stab at it?
> >>> >>>
> >>> >>> Allen
> >>> >>>
> >>> >>>
> >>> >>> On 5/21/10 7:55 PM, "Johannes Ernst"<jernst+openid.net at netmesh.us>
> >>> >>>
> >>> >> wrote:
> >>> >>
> >>> >>> On May 21, 2010, at 19:28, Allen Tom wrote:
> >>> >>>
> >>> >>> ... there's universal consensus that the existing OpenID 2.0
> discovery
> >>> >>> mechanism is very deficient ...
> >>> >>>
> >>> >>> Is there a summary somewhere of this "universal consensus" of
> >>> >>>
> >>> >> deficiencies?
> >>> >>
> >>> >>> Thanks,
> >>> >>>
> >>> >>>
> >>> >>> Johannes Ernst
> >>> >>> NetMesh Inc.
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> _______________________________________________
> >>> >>> specs mailing list
> >>> >>> specs at lists.openid.net
> >>> >>> http://lists.openid.net/mailman/listinfo/openid-specs
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>> > --
> >>> > Nat Sakimura (n-sakimura at nri.co.jp)
> >>> > Nomura Research Institute, Ltd.
> >>> > Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
> >>> >
> >>> >
> 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の
> >>> >
> 開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受
> >>> > 信されたメールを削除していただきますようお願い致します。
> >>> > PLEASE READ:
> >>> > The information contained in this e-mail is confidential and intended
> >>> > for the named recipient(s) only.
> >>> > If you are not an intended recipient of this e-mail, you are hereby
> >>> > notified that any review, dissemination, distribution or duplication
> of this
> >>> > message is strictly prohibited. If you have received this message in
> error,
> >>> > please notify the sender immediately and delete your copy from your
> system.
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > specs mailing list
> >>> > specs at lists.openid.net
> >>> > http://lists.openid.net/mailman/listinfo/openid-specs
> >>>
> >>> _______________________________________________
> >>> specs mailing list
> >>> specs at lists.openid.net
> >>> http://lists.openid.net/mailman/listinfo/openid-specs
> >>
> >>
> >>
> >> --
> >> Nat Sakimura (n-sakimura at nri.co.jp)
> >> Nomura Research Institute, Ltd.
> >> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
> >>
> >>
> 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
> >> PLEASE READ:
> >> The information contained in this e-mail is confidential and intended
> for
> >> the named recipient(s) only.
> >> If you are not an intended recipient of this e-mail, you are hereby
> notified
> >> that any review, dissemination, distribution or duplication of this
> message
> >> is strictly prohibited. If you have received this message in error,
> please
> >> notify the sender immediately and delete your copy from your system.
> >>
> >> _______________________________________________
> >> specs mailing list
> >> specs at lists.openid.net
> >> http://lists.openid.net/mailman/listinfo/openid-specs
> >>
> >>
> >
> >
> >
> > --
> > Website: http://hallambaker.com/
> > _______________________________________________
> > specs mailing list
> > specs at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs
> >
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100525/2ec3d7be/attachment.html>


More information about the specs mailing list