Fwd: Requirements discussion of OpenID Future

Tue Aug 17 05:33:25 UTC 2010

This email (and the linked wiki page) come out of a meeting a few months ago
where a small group of folks tried to look at the early draft on
http://openidconnect.com/ and reconcile it with current implementations
(outside of OpenID) as well as near term needs moving forward. I'd
really recommend taking a look at the wiki page (
http://wiki.openid.net/Future-OpenID-Technical-Requirements) as the list
captures most of the gaps and questions which have been identified.

There really seem to be two big unknowns that jump out at me:
1) Discovery. While the early proposal included one possibility we had hoped
to see progress on an OAuth 2.0 discovery and unregistered clients spec.
WebFinger also seems to be a bit up in the air.
2) Upgrade path from OpenID 2.0. It's patently clear that there must be a
seamless upgrade path for people who have been signing into a site using
OpenID 2.0 once their server starts to support OpenID Connect. While this is
quite achievable, no real technical effort has been put into figuring out
the details yet.

What else jumps out at you as major areas of work?

Thanks,
--David

---------- Forwarded message ----------
From: Allen Tom <atom at yahoo-inc.com>
Date: Mon, Jun 21, 2010 at 6:58 PM
Subject: Requirements discussion of OpenID Future
To: OpenID Specs Mailing List <specs at openid.net>

Hi All,

There¹s been a lot of discussion the past few weeks around specific
technical proposals focused on moving OpenID forward. We wanted to take a
step back and make sure that we understand the problems that there are broad
consensus around solving over the next six to nine months. While there has
also been some discussion around use cases and charters, there hasn¹t yet
been broad consensus.

Today Yahoo!, Google, and Facebook met with some of the authors of Artifact
Binding, the OpenID Connect proposal, and OAuth 2.0 to discuss our specific
future requirements.  We put together a summary document of 20+ items that
we would like to see and wanted to start a discussion around them.  Today
helped to verify our instinct that we could achieve these OpenID goals by
layering features on top of OAuth 2.0 while specifically maintaining the
decentralized nature of OpenID.

After this discussion it seems that the Connect work group charter can
encompass this work and thus provides a mailing list and IPR policy to work
on these items. Facebook, Google, and Yahoo! expect to be able to sign the
contributor agreements for the OpenID Connect working group relatively soon.

We hope that other OpenID community members and organizations will provide
feedback on how this list compares to their needs and/or get involved in
flushing out the technical details.

Here's the list of features that we would like to see implemented in a
future version of OpenID:

http://wiki.openid.net/Future-OpenID-Technical-Requirements

Feedback and discussion is more than welcome!

Allen

_______________________________________________
specs mailing list
specs at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-connect/attachments/20100816/b868d270/attachment.html>