<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Peter,<div><br></div><div>OSIS conducted interop testing as part of I4 and it will be a focus area for I5.</div><div><a href="http://osis.idcommons.net/wiki/Main_Page">http://osis.idcommons.net/wiki/Main_Page</a></div><div><br></div><div>OSIS attempts to encourage conformance through working with OPs and RPs. </div><div><br></div><div>A number of OP and RP issues were discovered and fixed during I4.</div><div><br></div><div>Without mandatory conformance this is the world we line in. </div><div><br></div><div>There is nothing to force a RP or OP to support all of the possible features. </div><div><br></div><div>As a user if you want to have your own URI and delegate authentication choose a OP that supports it properly.</div><div>OP's like Yahoo and Google are not obligated to support every possible use case.</div><div><br></div><div>I will also observe that most people who use delegation are not protecting there discovered meta-data with ssl certs.</div><div>That is the biggest security problem with delegation.</div><div><br></div><div>OpenID provides a lot of flexibility that is one of the reasons for its adoption. </div><div>I don't think conformance and licensing rules are the way to go.</div><div><br></div><div>Regards</div><div>John Bradley</div><div>=jbradley</div><div><br><div><div>On 6-Nov-08, at 11:27 AM, Peter Williams wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>This is beginning to sound like EAP/802.1x and cisco, where every vendor now does their own profile (which works with nobody else's supplicants/authenticators).<br><br>I just dont like directed, I dont do it. Tough UCI user!<br>I just dont like delegation, I dont do it. Tough UCI user!<br>I just dont like delegation with directed, I dont do it. Tough UCI user!<br><br>In that culture in general, the average SP working with the average user...cannot work with 1 IDP the way it works with another use yesterday (e.g. myopenid) - undermining UCI therefore. Sites HAVE to be tuned for the IDP in question.<br><br>What a shame! OpenID had SO MUCH potential to do better than idp-centric federation networks.<br><br>or, we create a conformance/interoperability forum, like WIFI, to stop the mess before it undermines public confidence in end-end **interoperability** of ALL the major modes of interworking defined in the OpenID2 spec.<br><br><br>________________________________<br>From: <a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a> [<a href="mailto:general-bounces@openid.net">general-bounces@openid.net</a>] On Behalf Of John Bradley [<a href="mailto:john.bradley@wingaa.com">john.bradley@wingaa.com</a>]<br>Sent: Thursday, November 06, 2008 10:50 AM<br>To: <a href="mailto:general@openid.net">general@openid.net</a><br>Subject: [LIKELY_SPAM]Re: [OpenID] Problems with delegation and directed identity OPs<br><br><br><br><br>Verisign works because the <LocalID> matches what is returned in openid.identity.<br><br>Google is not supporting delegation as far as I can tell probably smart on there part.<br><br><br></div></blockquote></div><br></div></body></html>