[OpenID] TransparencyCamp and OpenID (U)
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Mar 12 22:37:33 UTC 2009
On Mar 12, 2009, at 9:46, Ben Laurie wrote:
> I agree that all of SAML is way too large a pill to swallow but
> there's no reason subsets that are usable cannot be defined, and,
> indeed, have been.
I would love it if somebody was actually starting a working group (in
Apache they would call it "incubate") that would propose all the gory
details of a "more secure" form of OpenID that still fits into the
decentralized, discovery-based OpenID architecture. Only then can we
tell what may or may not be the better approach.
Every time this discussion comes up, it's "we have this and we know
how it works" vs. "perhaps something could be invented that also
did ..." -- as long as that something-to-be-invented has not been
written down and is thus available to throw tomatoes at, the
discussion does not seem to get us anywhere.
The closest re SAML that I've seen so far was the Sun experiment a
while back to do Yadis discovery for a SAML auth flow if I recall this
correctly. But even that was not specific enough to really make it
possible to discuss. For example, I do not recall it contained a
proposal for automatic key distribution. (My memory is a bit shaky, I
might be wrong about what was demonstrated.)
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090312/5b346dbd/attachment-0004.gif>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090312/5b346dbd/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list