[OpenID] OpenID Discovery for Email like identifiers - Draft 0.1

Peter Williams pwilliams at rapattoni.com
Thu Jun 4 15:19:05 UTC 2009


I'm hearing you say that there is no need for standardization work. Vendors may want to add value to the minimum though, and support means of computing an xrd other than xri resolution and yadis V2.

I don't see that as any different to rps today having facebook connect icon, alongside openid. Or google icon, which accelerates the openid flow. Or clickpass, that does whatever it does.

It would be similarly fun to add an application partition to a windows dc forest, and let ldap (or gc) resolution retrieve static xrd values maintained in that extra partition, too. Then, just as xri resolution can distinguish authoritative verifiers for openid realms, so dc forest trust can be using kerberos tree walking between the delegated and child/parent namespaces in a windows forest to metaverify the authorities of the domains to distribute xrd files. This may be cuter than putting xmldsigs on xrd, since the kerberos process would address the authentication and authority needs simultaneously. If you are familiar with the means by which read only dcs (namespace replicas) work, by delegating their kerberos kdc to a more secure replicant, one would get assurance for xrd distribution endpoints that are rather exposed, too.

Good to see open id focussing now on the trust model for uci. It's time. Discovery is not about merely locating an xrd: it's about verifying the authority of the distributor, in some rp-centric trust logic, which, if suitably modal, will express some flavor of the uci vision.

-----Original Message-----
From: Santosh Rajan <santrajan at gmail.com>
Sent: Wednesday, June 03, 2009 10:10 PM
To: general at openid.net <general at openid.net>
Subject: Re: [OpenID] OpenID Discovery for Email like identifiers - Draft 0.1


Thank you for clarifying this David.

The way I see it we are the "end-users" for webfinger and XRD. Their
objective will be to cater to our requirements and others like us. We
need not wait for them to get on with our work. Actually they can use our
feedback to refine and fine tune their work.

So I think we should form a working group of people like you, who have
already worked on this, and others who may want to work on this.

But I also agree with Chris's view that we don't need more working groups
and need to fold this into 2.1.
The only two reasons I can think of for the need of a separate working group
are to maintain momentum, and to have a group of people solely focussed on
the discovery part of 2.1.


sappenin wrote:
>
> Hey Santosh,
>
> My apologies --  I wasn't "Laughing Out Loud" at you, or your effort.  I
> was instead laughing at the irony involved in this process because I
> sometimes feel like I'm going in circles with the whole "email to OpenID"
> effort.
>
> For me, this effort started back before OpenID on the DIX protocol mailing
> lists.  Once that protocol was merged into OpenID, the effort continued with
> months of discussion surrounding email as OpenIDs, then debating emails as
> 1st/2nd class citizens, then me putting out a straw-man spec to convert
> emails to OpenIDs, then EAUT to be more generic (emails to URLs), then
> webfinger (to take advantage of XRD), then "OpenID Discovery for Email like
> Identifiers" (to codify webfinger), and then back to webfinger, and now back
> to OpenID Discovery for Email like Identifiers (for IPR).
>
> To me that's pretty funny, in a groundhog-day sort of way.  I didn't mean
> anything personal by it...sorry if my email was a bit ambiguous on that
> point.
>
> While this process has been tedious, I think every step of the way in my
> "circular list" above has yielded positive things (just in case you were
> beginning to think people had given up on trying to make OpenID work with
> email addresses).
>
> For now, my hunch is that webfinger is stalled because it relies heavily on
> XRD, which is still being formalized.  Once XRD comes out, I think you'll
> see a lot more momentum around webfinger (or whatever it ends up being
> called), as well as OpenID 2.1.
>
> david
>
> On Wed, Jun 3, 2009 at 9:03 PM, Santosh Rajan <santrajan at gmail.com> wrote:
>
>> sappenin wrote:
>> >
>> > LOL.  So, is it fair to say this document isn't necessary?
>> >
>>
>> This is not so funny if you consider the fact that this is "all you have".
>> And is all the momentum you have.
>>
>> > Assuming web-finger does what OpenID needs it to WRT to email identifiers,
>> > then OpenID Discovery 2.1 could just reference webfinger.
>> >
>>
>> The way things stand as of now. This document "IS" in effect your webfinger
>> protocol. So you will be referencing back to this document!
>>
>> > Am I missing something?
>> >
>>
>> A lot. After the initial euphoria the webfinger protocol seems to have lost
>> steam after the 7th of May. As a matter of fact I didn't have to come up
>> with this document if they were doing something about it.
>>
>> This whole thing is about "momentum". Whichever way you want to do it, I am
>> ready to help as long as there is momentum.
>>
>> So what can you do for building some momentum here?
>>  -----
>>
>> Santosh Rajan
>> http://santrajan.blogspot.com
>> --
>> View this message in context:
>> http://www.nabble.com/OpenID-Discovery-for-Email-like-identifiers---Draft-0.1-tp23832524p23863088.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>


-----

Santosh Rajan
http://santrajan.blogspot.com
--
View this message in context: http://www.nabble.com/OpenID-Discovery-for-Email-like-identifiers---Draft-0.1-tp23832524p23863880.html
Sent from the OpenID - General mailing list archive at Nabble.com.
