<div class="gmail_quote">On Tue, Jun 9, 2009 at 5:38 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"></div>
Is the community ready to move forward with OpenID 2.1? </blockquote><div><br>
I can't necessarily speak for the community, but I'd at least like to
move forward with the 2.1 Discovery WG. The output of that is expected
to be a "best practices" document relating to Discovery that would (it
is expected) be used in the regular OpenID 2.1 WG.<br>
<br>
I'm not opposed to doing all of this in parallel.<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I do believe that we really need a security best practices document, and it shouldn't have to wait until OpenID 2.1 is finalized.<div class="im">
<br>
</div></blockquote><div><br>+1<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Anyway, when you said you had been "nominated", it made me think there's some shadow process going on behind the scenes when it comes to these Working Groups. <br>
</blockquote></div>
At the December 2008 IIW, I was either nominated or was volunteered to work on Security Best Practices document after I strongly advocated that the community write one.<div class="im"></div></blockquote><div><br>Cool. Like I said, I wasn't trying to say you shouldn't be doing this work. I just wanted to make sure it was "open". I wasn't at IIW, so that explains my disconnect.<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Am I missing something? Are there "private" WG discussions going on that the rest of us can't see?<br>
</blockquote></div>
The security best practices document was first discussed at the December 2008 IIW session on OpenID 2.1, completely in the open.<div class="im"></div></blockquote><div><br>See my comment above.<br><br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Or are you just "taking some initiative", as it were?<br>
</blockquote></div>
Well, I'd been procrastinating for more than 6 months, but I think we waited long enough. More and more sites want to deploy OpenID, and it's about time we had a security document that potential implementers can read, other than just reading the specs, and various blog posts.<div class="im">
</div></blockquote><div><br>:) -- I'm glad you've started working on this. It's important to have.<br><br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-- I'm really just looking to get "in the loop" on this Working Group business, assuming I'm out if currently).<br>
</blockquote></div>
I believe that the process requires the WG proposers to take their proposal to the Specifications council who will review the proposal and give their recommendation to the general membership of the OIDF to either approve or deny the request to form the WG. The general membership then votes on the proposal, and if the proposal is approved, the WG is formed. There's also a very painful process for the WG members to get their employers to approve their participation in the WG.<br>
<br>
The WG proposals that seem to be stalled right now appear to be OpenID 2.1, SREG 1.1, and AX 2.0.<br>
</blockquote><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
At least with regards to SREG 1.1 and AX 2.0, I believe that the proposers are waiting for their employers to approve their participation. Where is Dick Hardt? The OpenID world misses you!<br>
<br>
I'm not sure about the status on OpenID 2.1, but at least for myself, I'm more focused on the immediate goals of getting OpenID OAuth Hybrid and the OpenID UI Extensions finalized.<br>
</blockquote><div><br>I for one would like to move forward on the 2.1 Discovery WG. XRD will be a big part of that, but at this point it seems like much of XRD has been solidified (at least, enough for us to begin the 2.1 Discovery WG).<br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
The OpenID Wiki says that the Discovery WG proposal has been sent to the specs council, but I have not seen the proposal yet.<br><font color="#888888">
</font></blockquote><div><br> I think this is the proposal:<br><a href="http://wiki.openid.net/OpenID-Discovery">http://wiki.openid.net/OpenID-Discovery</a><br><br></div></div>