[security] OpenID Security Best Practices Doc
David Fuelling
sappenin at gmail.com
Tue Jun 9 04:53:14 UTC 2009
On Mon, Jun 8, 2009 at 9:03 PM, Allen Tom <atom at yahoo-inc.com> wrote:
> Hi All,
>
> As part of the OpenID 2.1 Working Group proposal, I've been nominated to
> edit the OpenID Security Best Practices document, which will be a living
> document that contains security related best practices as determined by the
> community.
>
> Although we haven't officially kicked off the OpenID 2.1 WG yet...
Hi Allen,
First of all, this is great work -- thanks for doing it! At the moment, I
don't have anything further to add from a technology perspective.
That said, I am looking for some clarity on the whole "Working Group" idea.
I know there's an OpenID 2.1 draft charter that's on the wiki (and has been
circulated on this list), but I haven't seen much activity surrounding
this. In fact, this past week I've been trying to "push this along" a bit
by posting some discussion points about Discovery and Auth 2.1, and trying
to (as a community) determine if we should separate this into two WG's -->
Discovery 2.1 and the rest of 2.1.
Anyway, when you said you had been "nominated", it made me think there's
some shadow process going on behind the scenes when it comes to these
Working Groups. Am I missing something? Are there "private" WG discussions
going on that the rest of us can't see? Or are you just "taking some
initiative", as it were?
(Really, I'm not trying to be a jerk here -- I have no objection to you
being the editor for this stuff -- I'm really just looking to get "in the
loop" on this Working Group business, assuming I'm out if currently).
Thanks!
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20090609/fe7372f9/attachment.htm>
More information about the security
mailing list