[OpenID] Google's proprietary discovery extension?

Tue Jul 28 16:11:27 UTC 2009

What I most like about this initiative - apart from the technical content - it it breaks a taboo: that vendor-endorsed extensions are entirely proper. That is, you dont HAVE to beg openid foundation for permission to extend the openid auth protocol, or register it with some foundation controlled authority.

This opens the market for LOTS and lots of discovery extensions now, from lots of folks with new (and old) ideas about trust management.

________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Eric Sachs [esachs at google.com]
Sent: Tuesday, July 28, 2009 8:29 AM
To: Breno de Medeiros
Cc: general
Subject: Re: [OpenID] Google's proprietary discovery extension?

The Google announcement of this new OpenID service has now been formally posted at
http://googlecode.blogspot.com/2009/07/google-apps-openid-identity-hub-for.html

On Fri, Jul 10, 2009 at 11:13 AM, Breno de Medeiros <breno at google.com<mailto:breno at google.com>> wrote:
There is a proposal for a webfinger protocol based on standards (the IETF LRDD proposal and either (optionally signed) XRDS or the newly proposed (optionally signed) XRD format) that would allow users to type

'google.com<http://google.com>'

or their email address,

and it would just work. It would also work for users of Google Apps for Your Domain, that have email addresses that are not @gmail.com<http://gmail.com> or @googlemail.com<http://googlemail.com>. These users comprise a significant portion of our user base.

Hopefully the community will be excited about these possibilities and will embrace a new vision for discovery that supports all users. We at Google have NOT been working on this behind the scenes. For instance, see John Panzer's blog post on webfinger at http://www.abstractioneer.org/, our involvement in the XRI TC (see the markmail links in Eric's message), and many emails that we have exchanged in the various openid mailing lists about discovery in the past several months. We have also added our names to a proposal for an OpenID discovery WG http://wiki.openid.net/OpenID-Discovery

We invite all that are excited about possibilities with a new discovery mechanism (supporting email and xmpp addresses as OpenID identifiers, improving security of discovery, making it more flexible to work with hosted applications, etc.) to
contribute with momentum to move this forward.

On Thu, Jul 9, 2009 at 10:14 AM, Eric Sachs <esachs at google.com<mailto:esachs at google.com>> wrote:
>> I haven't heard anything about this except from this one article.

In terms of more background on the evolving discovery standards, the best information is actually on a blog run by Eran Hammer-Lahav at Yahoo who has led a lot of the work in this space.  Here is a hyperlink which will show you all the blog posts he has done about "discovery" and he has done a good job of trying to provide background.
http://www.hueniverse.com/hueniverse/discovery/
Note though that this work is not specific to OpenID, but instead is to try to provide a generic discovery mechanism that can be used my multiple protocols.

If you want to join some of the discussions, here are links to a few threads:
http://lists.oasis-open.org/archives/xri/200905/msg00025.html
http://markmail.org/message/rup4ikec43bk4wkg
http://markmail.org/message/5ckiqdzjguipa3qf
We do still want more community discussions about discovery, and its application to OpenID.  While these standards are being refined, we are providing a proof-of-concept implementation of a next-generation OpenID discovery protocol. While some of the details of this proof-of-concept-implementation are different from what the eventual standards are likely to look like (e.g., we're using XRDS instead of XRD for discovery documents, and are using temporary namespaces), we believe all the necessary pieces are there.  For nitty gritty details, see http://sites.google.com/site/oauthgoog/fedlogininterp/openiddiscovery

On Thu, Jul 9, 2009 at 9:59 AM, Andrew Arnott <andrewarnott at gmail.com<mailto:andrewarnott at gmail.com>> wrote:
Oops.... I sent my email to the wrong list.  See below.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

On Thu, Jul 9, 2009 at 9:58 AM, Andrew Arnott <andrewarnott at gmail.com<mailto:andrewarnott at gmail.com>> wrote:
>From http://www.readwriteweb.com/archives/google_to_announce_major_identity_initiative_for_1.php

OpenID relying parties will need to be redirected from the domain provided at user login over to Google's OpenID service. In order for this redirect to happen, all relying parties will need to start looking for a new OpenID extension that Google has developed and implemented in conjunction with one relying party technology, JanRain's RPX<http://www.janrain.com/>.

Is this just FUD about Google?  I haven't heard anything about this except from this one article. And Google's own OpenID for Google Apps<http://code.google.com/intl/ja/apis/accounts/docs/OpenID.html> page says nothing about a special extension.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general

_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general

--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)