How are we going to coordinate this discussion towards a deliverable?<br><br>Are we going to start formal work on authentication 2.1?<br><br>Are we going to form the discovery WG that was proposed 5-6 months ago? The original scope for that WG was not a specification, but a guidance document on how to use discovery in OpenID (so that authentication 2.1 could use only a few sentences, such as "in this document, whenever we refer to discovery, we mean XRD discovery, see <reference> for how to use XRD discovery in OpenID and also how to deal with legacy discovery mechanisms that were specified in previous versions of the spec" or some equivalent language).<br>
<br>I am weary of engaging in yet another thread(s) about discovery with a clear prospect for a tangible deliverable.<br><br><br><div class="gmail_quote">On Thu, Jun 4, 2009 at 2:09 PM, David Fuelling <span dir="ltr"><<a href="mailto:sappenin@gmail.com">sappenin@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Peter (et al): <br><br>I'm open to discussing the "type" of identifier that OpenID 2.1 should support. I rather agree with one of your (Peter's) previous posts that OpenID should allow _any_ type of identifier. I would add the following caveats to that support, as follows:<br>
<ol><li><b>ALL OpenID 2.1 Identifiers MUST be Resolvable to XRD<br> </b>Any OpenID Identifier MUST be able to be resolved to an XRD (with XRD being the primary "discovery" mechanism supported by OpenID 2.1). Legacy discovery mechanisms from OpenID 1.0, 1.1, and 2.0 should still be supported, but would be restricted to URL's & XRI's (with EAUT possibly filling in the gap for email addresses).<br>
<br></li><li><b>Start With Only 3 Required Identifiers as a Baseline<br></b>OpenID 2.1 should mandate that all OP's and RP's support URL, XRI, and Email-like identifiers (only because these are the most common form of identifier -- Peter, I personally don't see a lot of LDAP identifiers being thrown around today on business cards, e.g.).<br>
<br></li><li><b>Allow for Future Identifier Support as Decided by the Community<br></b>An extension mechanism should be defined that allows the OIDF community to endorse (via extension specifications) new OpenID 2.1 Identifiers. The Jabber Foundation has done this sort of extensibility thing with decent success (not necessarily with Identifiers, but in general). This Identifier extensibility model would accomplish the following:<br>
<br></li><ol><li>It will preclude the need to actually _decide_ whether and which types of new identifiers to include in the 2.1 spec (email identifiers not withstanding). <br></li><li>It would allow the community to vote on each new particular identifier type on its own merits, preventing the "stall" of the 2.1 spec.</li>
<li>It would ensure that OP's and RP's are only required to support a baseline of OpenID functionality, while at the same time leaving room some new form of identifier that might take off in the future (Google Wave? Nah....Looks like that will still have an email address format for Identifiers). <br>
<br></li></ol><li><b>Some Other Requirement?<br></b>Am I missing something?<br></li></ol><br><div class="gmail_quote">On Thu, Jun 4, 2009 at 8:21 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com" target="_blank">pwilliams@rapattoni.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">There is no open discovery protocol. There is simply use of 2 externally defined protocols (yadis and xri resolution).<br>
<br>
As it stands, openid auth spec constrains ane canonicalizes c the allowed inputs to those protocols, when used.<br>
<br>
Are you guys also proposing that an op might discover an rp realm xrd, from a rp identified in openid auth that is not either an http/s scheme url or an xri?<br>
<br>
Will it be mandatory for op to support webfinger, if the rp realm chooses to so identify itself?<br>
<br>
Why this one and not all the others such as gc and ldap? (apart from, its in the news today)<br>
<br>
________________________________<br>
</blockquote></div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>--Breno<br><br>+1 (650) 214-1007 desk<br>+1 (408) 212-0135 (Grand Central)<br>MTV-41-3 : 383-A <br>PST (GMT-8) / PDT(GMT-7)<br>