<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">+1 on clarifying delegation and directed identity:)<div><br></div><div>I remain unconvinced that 1.1 backwards compatibility needs to be removed from the 2.1 spec.</div><div><br></div><div>However there are things that need to be tightened up in the spec so that backwards compatibility is safer.</div><div><br></div><div>I think it is inevitable that people will drop 1.1 support over time, but until that happens naturally I would still like to provide guidance in the spec on how best to deal with backwards compatibility.</div><div><br></div><div>As a plug for the OSIS interop testing! </div><div>I have a test for the directed identity + delegation vulnerability that some RPs may be susceptible to at </div><div><a href="https://test-id.org/RP/VerifyAssertionDiscovery.aspx">https://test-id.org/RP/VerifyAssertionDiscovery.aspx</a></div><div><br></div><div>If you are an RP please run this test. 
</div><div><br></div><div>Any RPs or OPs who are not listed in the OSIS test matrix at:</div><div><a href="http://osis.idcommons.net/wiki/I5_User-Centric_Identity_Interop_through_RSA_2009">http://osis.idcommons.net/wiki/I5_User-Centric_Identity_Interop_through_RSA_2009</a></div><div>can contact me if they would like to be listed.</div><div><br></div><div>Regards</div><div>John Bradley</div><div><br></div><div><div><div>On 17-Mar-09, at 12:00 PM, <a href="mailto:general-request@openid.net">general-request@openid.net</a> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-family: -webkit-monospace; font-size: 10px; ">Date: Mon, 16 Mar 2009 22:48:15 -0700<br>From: Allen Tom &lt;<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>&gt;<br>Subject: Re: [OpenID] Backwards Compatibility<br>To:<span class="Apple-converted-space"> </span><a href="mailto:general@openid.net">general@openid.net</a><br>Message-ID: &lt;<a href="mailto:49BF399F.3070102@yahoo-inc.com">49BF399F.3070102@yahoo-inc.com</a>&gt;<br>Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br><br>+1<br><br>I'd be very happy to see 1.1 clearly deprecated, and in an ideal world, <br>existing 2.0 implementations would already be 2.1 compliant.<br><br>If anything, I'd like to see things removed from 2.0, such as the DH key<span class="Apple-converted-space"> </span><br>exchange.<br><br>The 2.1 spec should mostly clarify ambiguous portions of the 2.0 spec,<span class="Apple-converted-space"> </span><br>especially wrt to delegation and directed identity.<br><br>Allen<br><br></span></blockquote></div><br></div></body></html>