<br><br><div class="gmail_quote">On Mon, Jul 13, 2009 at 1:44 PM, John Bradley <span dir="ltr"><<a href="mailto:john.bradley@wingaa.com">john.bradley@wingaa.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dirk,<br>
<br>
I don't think the openid general list can give you permission to do anything.<br>
</blockquote><div><br>I understand that. I'm trying to gauge what people think about the idea. If there would be lots of "sure, that sounds like a good idea" responses, I would take heart in knowing that I would probably not end up in purgatory if I went ahead and used the namespace even before a formal approval process has been found. But frankly, I would have thought that we could do something like X-... HTTP headers, which wouldn't even need approval.<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
The only negative response was from David who I believe wants the namespace reserved for official openID WG.<br>
<br>
If we can get the registry going I would personaly be OK with you using <a href="http://experimental.openid.net" target="_blank">experimental.openid.net</a>.<br>
<br>
However at this point I have to recommend using something in the google namespace.<br>
<br>
What you have proposed is a prototype so I don't think, using a different namespace is a big deal.<br>
</blockquote><div><br>Well, that's the alternative. I'd hate to do that, though, since I'm not trying to invent some Google-proprietary thing. I would like to signal to the world that (at least in my opinion) this is a contribution to the ongoing conversation about how OpenID should evolve. <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">OpenSocial is using its own namespace.</blockquote><div><br>They're extending XRDS for OpenSocial discovery, so they use an OpenSocial namespace. I'm extending XRDS to discover OpenID endpoints, so I'd like to use an OpenID namespace.<br>
<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I just don't think holding up your work to get something registered in <a href="http://experimental.openid.net" target="_blank">experimental.openid.net</a> is worth it.<br>
I also don't think it is appropriate for google to use it without the appropriate permission whatever that turns out to be.<br>
<br>
It isn't like my opinion counts for much but you have it.<br>
</blockquote><div><br>Thanks John, always appreciated!<br><br>Dirk.<br><br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
Regards<br>
John B.<br>
<br>
On 13-Jul-09, at 1:34 PM, <a href="mailto:general-request@openid.net" target="_blank">general-request@openid.net</a> wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Date: Mon, 13 Jul 2009 10:10:46 -0700<br>
From: Dirk Balfanz <<a href="mailto:balfanz@google.com" target="_blank">balfanz@google.com</a>><div class="im"><br>
Subject: Re: [OpenID] experimental namespace for <a href="http://openid.net" target="_blank">openid.net</a><br></div>
To: Breno de Medeiros <<a href="mailto:breno@google.com" target="_blank">breno@google.com</a>><br>
Cc: OpenID Specs Mailing List <<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a>>, "<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
List" <<a href="mailto:general@openid.net" target="_blank">general@openid.net</a>><br>
Message-ID:<br>
<<a href="mailto:60c552b80907131010w10bec492h3cb544488f2f4c3f@mail.gmail.com" target="_blank">60c552b80907131010w10bec492h3cb544488f2f4c3f@mail.gmail.com</a>><br>
Content-Type: multipart/alternative;<br>
boundary=0016369fa20d26d882046e9967c1<br>
<br>
--0016369fa20d26d882046e9967c1<br>
Content-Type: text/plain; charset=ISO-8859-1<br>
Content-Transfer-Encoding: 7bit<div><div></div><div class="h5"><br>
<br>
Hi guys,<br>
somehow I only get sporadic messages from this mailing list (I'll have to<br>
dig through my spam settings, etc, to find out what's going on there), so I<br>
read the various responses on the web archives. Let me try to respond to<br>
them:<br>
<br>
- XMLDSIG vs. other kinds of signatures: This is exactly the kind of<br>
discussion going on at the XRI TC right now. There are those on the TC that<br>
think xmldsig with constrained c14n will work, and those that think that<br>
this is still too complicated. You're welcome to join the TC and participate<br>
in the discussion.<br>
<br>
- Google "gatewaying" users through itself (by hosting host-meta files for<br>
domains at Google): we have no intention of gatewaying users through Google.<br>
When a domain hosts its own host-meta, the discovery will of course just<br>
work. We simply asked ourselves the question: How can we give all our Google<br>
Apps users an OpenID with the least amount of work required on the part of<br>
the Google Apps domain admins? Domains should host their own host-meta. If<br>
they don't (and many won't), RPs should find a way to still perform<br>
discovery for that user. Trying Google _first_, and then the domain, will in<br>
the vast majority of cases result in lower latency from<br>
user-supplied-identifier to discovery information than the other way 'round.<br>
But RPs can do whatever they want. They could, for example, try both in<br>
parallel and go with whatever host-meta comes back first (be that from<br>
Google, from another hosting provider, or from the actual domain).<br>
<br>
- Having said all that, what I was trying to figure out in this thread was<br>
that assuming that a provider wants to launch a proof-of-concept<br>
implementation of a feature that I think we all agree is needed in OpenID<br>
(in this case, better discovery), what namespace should the provider use for<br>
the various pieces in the protocol that haven't officially been approved<br>
yet. The responses that actually tried to address that question seemed to<br>
think that <a href="http://experimental.openid.net" target="_blank">http://experimental.openid.net</a> was a good idea, but that some<br>
sort of process might be needed to hand out chunks of that namespace. I<br>
assume that that process should make sure that the provider in question is<br>
making a good-faith effort to actually contribute to the OpenID community<br>
during the further development of the feature in question, as opposed to<br>
grabbing just a chunk of semi-official-sounding namespace? I'm a wee bit<br>
concerned that the processes that people want to see in place for this might<br>
take a bit of time to establish (feel free to prove me wrong by setting up a<br>
registry, etc!), so I'm wondering whether in this case we could follow the<br>
spirit of the yet-to-be-established process (assuming I captured it<br>
correctly), as opposed to the letter (which doesn't exist yet), and just<br>
agree that it is ok for us, in this case, to use that namespace.<br>
<br>
Cheers,<br>
<br>
Dirk.<br>
<br>
</div></div></blockquote>
<br>
</blockquote></div><br>