[OpenID] Google discovery prototype: host-meta from Google
Breno de Medeiros
breno at google.com
Thu Jul 16 15:52:07 UTC 2009
Currently discovery is _not_ dissociated from trust. Trust is established by
having documents being recoverable from specific paths.
The new XRD proposal allows a different trust model based on signatures.
There is nothing preventing clients from ignoring the new trust model and
stick with the old one. They can ignore signatures and require documents to
be available on designated paths. Of course, some sites (possibly a large
percentage in the future) might launch discovery-based services where their
discovery document is hosted elsewhere (typically because conforming to the
strict location requirements of the current scheme would be too onerous).
The simple clients that stick with the old model will not be able to use any
of these services. But life remains simple for them. It is a cost/benefit
choice that they can easily make.
On Thu, Jul 16, 2009 at 3:18 AM, Santosh Rajan <santrajan at gmail.com> wrote:
> Trust must be decoupled from discovery. We need to start with a simple
> basic
> discovery with no trust addressed. Then we need to add layers of trust in
> such a way that users and applications can pick and choose the level of
> trust they need.
>
--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090716/d8720e9c/attachment.htm>
More information about the general
mailing list