<HTML dir=ltr><HEAD></HEAD>
<BODY>
<BLOCKQUOTE>
<DIV id=idOWAReplyText33313 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>1. At plaxo webapp, @blog*lockbox works. Nice experience</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2><U><FONT color=#0066cc><A href="https://www.plaxo.com/signin" target=_blank>https://www.plaxo.com/signin</A></FONT></U><A href="http://plaxo.com/singup" target=_blank></A></FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>2. At Rapattoni linking-consumer, <FONT face=Arial size=2>@blog*lockbox </FONT>we have a nice.</FONT></DIV></DIV><FONT face=Arial size=2><A href="http://rapattoni.trustbearer.com/consumer/?user_openid=@blog*lockbox&title=SWMR%20LOGIN%20PAGE%20SIMULATION&redirect=http://swmrsso.rapmlsstg.com/idp/startSSO.ping?PARTNER=rapattoni:mlsstgswmichigan:entityId" target=_blank>http://rapattoni.trustbearer.com/consumer/?user_openid=@blog*lockbox&title=SWMR%20LOGIN%20PAGE%20SIMULATION&redirect=http://swmrsso.rapmlsstg.com/idp/startSSO.ping?PARTNER=rapattoni:mlsstgswmichigan:entityId</A></FONT></BLOCKQUOTE><FONT face=Arial color=#000000 size=2><SPAN style="FONT-SIZE: 7.5pt">
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV dir=ltr><FONT face=Arial size=2>3. At skip email-replicator webapp, <FONT face=Arial size=2>@blog*lockbox is rejected - because something about my XRI or the XRI infrastructure is "unauthoritative". I - the user - just know it doesnt work.</FONT></FONT></DIV>
<DIV dir=ltr><FONT size=2></FONT><FONT size=2></FONT> </DIV>
<DIV dir=ltr><FONT size=2>4. At Blogger, @blog*lockbox doesnt work because blogger doesn't (yet) support openid2, and thus directed-id...Yahoo interaction, etc. When it does work, we will see if one can leave authenticated comments as (authoritative) XRIs identities, without having to be signed in to the GooglePlex.</FONT></DIV></BLOCKQUOTE>
<DIV id=idOWAReplyText33313 dir=ltr>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>5. At plaxo webapp, @freeid*lockbox works. Nice experience. Unfortuantely, I cannot ever manage to authenticate myself to the OP at freeid, due to password provisioning issues. Email login only get one very limited management rights on the OP, not including openid setup , account linking of infocards, etc</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2><U><FONT color=#0066cc><A href="x-excid://80FF0000/uri:https://www.plaxo.com/signin" target=_blank>https://www.plaxo.com/signin</A></FONT></U><A href="x-excid://80FF0000/uri:http://plaxo.com/singup" target=_blank></A></FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>6 At Rapattoni linking-consumer, <FONT face=Arial size=2>@freeid*lockbox </FONT>gets relayed to a horrid OP user login page (showing canonical IDs). A review of hints from John, JanRain notes about possible library bugs and trying again to the spec (about what must happen in id_req with cliamed_id and identity) left us confounded about what is and is not compliant behaviour concerning the openid.identity field, particularly when distinguishing various XRI resolution cases: (i) forwarding i-services (ii) multiple authoritative aliases for an i-number (iii) canonical i-number resolution.</FONT></DIV></BLOCKQUOTE>
<DIV dir=ltr><FONT size=2></FONT> </DIV></DIV>
<DIV dir=ltr><FONT size=2>Now, given all that, If I had power over time and space, Id have NIST come in and create a uniform test case spec, enumerating the classical cases of XRI usage and publishing the test vectors - so we have a consistent operating standard by which to judge operational compliance. But, I dont have that power! </FONT></DIV>
<DIV dir=ltr><FONT size=2></FONT> </DIV>
<DIV dir=ltr><FONT size=2>Peter.</FONT></DIV></SPAN></FONT>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Johnny Bufu<BR><B>Sent:</B> Tue 3/25/2008 7:25 PM<BR><B>To:</B> Peter Williams<BR><B>Cc:</B> Dick Hardt; openid-general List<BR><B>Subject:</B> Re: [OpenID] Weighing In on TechCrunch's "Is OpenID Being Exploited By The Big Internet Companies?"<BR></FONT><BR></DIV>
<DIV><PRE style="WORD-WRAP: break-word">On 24-Mar-08, at 4:16 PM, Peter Williams wrote:
> At https://verify.sxip.com/email/auth/request @blog*lockbox
> doesn't resolve.
>
> Can you move the site up to OpenID2 compliance?
It actually is; the error that I see in the logs (which should be
better exposed in the interface) is "ProviderID is not authoritative
for the CanonicalID".
OpenID4Java performs this (quite important) verification step, while
the underlying openxri library and xri.net were not (at least the
last time I talked to the people in charge there).
Johnny
</PRE></DIV></BODY></HTML>