[OpenID] On OpenID 2.0
Recordon, David
drecordon at verisign.com
Tue May 1 15:15:30 UTC 2007
Directed identity has also been backported to 1.1, fyi.
--David
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Martin Atkins
Sent: Monday, April 30, 2007 11:07 AM
To: general at openid.net
Subject: Re: [OpenID] On OpenID 2.0
Granqvist, Hans wrote:
>
> * With 2.0 RP implementations almost non-existent in the
> field after more than ten months of spec work -- is there
> even a need for 2.0?
>
> * If you have a RP: why are you waiting with implementing
> 2.0? Is 1.1 good enough? Are you waiting for the spec
> to be final? Do security concerns hold you back?
>
This is an interesting point of discussion, actually.
What does 1.1 not do that we really wish it did? Is there anything we
can cut out of 2.0? Is there some way we can adjust 2.0 so that all 1.1
implementations are valid 2.0 implementations, while still retaining the
"must haves"?
To be honest, it's been so long since I thought about the 2.0 spec that
I've forgotten what the full list of new stuff is. Off the top of my
head I can think of:
* Directed identity aka "put in the URL of your IdP, not of you."
* A formalized extension mechanism
We also have Yadis discovery and XRI, but both have successfully been
backported to 1.1.
Is there anything I've forgotten? Can we just backport those two things
to 1.1 and call it 1.2?
I'm not suggesting we throw away the 2.0 spec, but more that we consider
whether it's possible to edit it so that it's less of a drastic jump?
On the other hand, if everyone's happy with 2.0 as-is then we might as
well just go ahead and publish it as final. No-one really seems that
enthusiastic about it, though.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list