<div class="gmail_quote">On Mon, Jun 8, 2009 at 9:03 PM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi All,<br>
<br>
As part of the OpenID 2.1 Working Group proposal, I've been nominated to edit the OpenID Security Best Practices document, which will be a living document that contains security related best practices as determined by the community.<br>
<br>
Although we haven't officially kicked off the OpenID 2.1 WG yet...</blockquote><div> <br>Hi Allen,<br>
<br>
First of all, this is great work -- thanks for doing it! At the
moment, I don't have anything further to add from a technology
perspective.<br>
<br>That said, I am looking for some clarity on the whole "Working Group" idea. I know there's an OpenID 2.1 draft charter that's on the wiki (and has been circulated on this list), but I haven't seen much activity surrounding this. In fact, this past week I've been trying to "push this along" a bit by posting some discussion points about Discovery and Auth 2.1, and trying to (as a community) determine if we should separate this into two WG's --> Discovery 2.1 and the rest of 2.1.<br>
<br>Anyway, when you said you had been "nominated", it made me think there's some shadow process going on behind the scenes when it comes to these Working Groups. Am I missing something? Are there "private" WG discussions going on that the rest of us can't see? Or are you just "taking some initiative", as it were?<br>
<br>(Really, I'm not trying to be a jerk here -- I have no objection to you being the editor for this stuff -- I'm really
just looking to get "in the loop" on this Working Group business, assuming I'm out if currently). <br>
<br>
Thanks!<br><br>David<br><br></div></div>