[OpenID] general Digest, Vol 31, Issue 31
John Bradley
john.bradley at wingaa.com
Wed Mar 18 01:20:57 UTC 2009
+1 on clarifying delegation and directed identity:)
I remain unconvinced that 1.1 backwards compatibility needs to be
removed from the 2.1 spec.
However there are things that need to be tightened up in the spec so
that backwards compatibility is safer.
I think it is inevitable that people will drop 1.1 support over time,
but until that happens naturally I would still like to provide
guidance in the spec on how best to deal with backwards compatibility.
As a plug for the OSIS interop testing!
I have a test for the directed identity + delegation vulnerability
that some RPs may be susceptible to at
https://test-id.org/RP/VerifyAssertionDiscovery.aspx
If you are an RP please run this test.
Any RPs or OPs who are not listed in the OSIS test matrix at:
http://osis.idcommons.net/wiki/I5_User-Centric_Identity_Interop_through_RSA_2009
can contact me if they would like to be listed.
Regards
John Bradley
On 17-Mar-09, at 12:00 PM, general-request at openid.net wrote:
> Date: Mon, 16 Mar 2009 22:48:15 -0700
> From: Allen Tom <atom at yahoo-inc.com>
> Subject: Re: [OpenID] Backwards Compatibility
> To: general at openid.net
> Message-ID: <49BF399F.3070102 at yahoo-inc.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> +1
>
> I'd be very happy to see 1.1 clearly deprecated, and in an ideal
> world,
> existing 2.0 implementations would already 2.1 compliant.
>
> If anything, I'd like to see things removed from 2.0, such as the DH
> key
> exchange.
>
> The 2.1 spec should mostly clarify ambiguous portions of the 2.0 spec,
> especially wrt to delegation and directed identity.
>
> Allen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090317/3ea2ad34/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090317/3ea2ad34/attachment-0002.bin>
More information about the general
mailing list