[OpenID] JOID Question

Peter Williams pwilliams at rapattoni.com
Thu Aug 16 16:09:12 UTC 2007 

Almost about to try my own SAML-gateway provider with JOID in practice, I realized I don't know its compliance level (auth 1.0, auth1.1, open 2.0 draft 10, draft 11...). I've also no clue whether I really trust JOID technically in any case, concerning its obligations to reverse the delegation on the JOID end of the critical security handshake. 
 
Given this community is right now in discussion on "What's the mission (if any) of the OpenID(tm) trademark initiative?", perhaps we do have an emerging rational for an enforced trademark process - to address core issues such as the obligation to "post notice of claimed compliance". If the trademarked process agreed with those claims, it countersigns the FOAF to signal a license grant to use the trademark icons.
 
Wouldn't it then be just wonderful if the association setup messages could cite the URL of the sending party's (signed) FOAF file in those association-phase message on the backchannel? With that technical amendment adopted widely, any agent optionally armed with (signed) metadata handling capabilities and access to its own wot metadata for (optionally) validating the signatures could learn from its potential peer's robot's (signed) metadata what the robot's compliance level is, what its delegation-control policies are, and what its trademark licensing standing be.
 
I recognize we are hitting up on WS* equivalent policy-endpoint control processes by doing this. WS-Policy, WS-SecurityPolicy etc (even when applied to a RESTful binding of web service contracts) already address much of this, using OASIS standards rather than the semantic web movement.  However, I foresee little chance of OpenID community adopting those OASIS standards, given their alignment with  SAML protocols. As its trivially easy to adopt the FOAF signed metadata in the OpenID protocol machinery (even Peter could do it), we could opt for the more pragmatic course of action.
 
Is this a topic for an proposed extension? using the message-extension apparatus?
 
________________________________

From: general-bounces at openid.net on behalf of Frans Thamura
Sent: Thu 8/16/2007 7:56 AM
To: general at openid.net
Subject: [OpenID] JOID Question



hi all,

i run openid4java, and try the consumer demo, run well, but the
openid-server, still in progress

and now i try joid, i can see the consumer demo work better than openid4java.

but i cannot try the server demo,

anyone here can help?

i try to join joid mailing ist, but still un approved yet, i joined to
the mailing list 2 weeks ago

F
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list