Requirements discussion of OpenID Future
Breno de Medeiros
breno at google.com
Tue Aug 17 17:50:47 UTC 2010
We also need to keep tabs on the OAuth2 signature effort -- make sure
that the spec writing/editorial process there is not stuck.
On Mon, Aug 16, 2010 at 22:33, David Recordon <recordond at gmail.com> wrote:
> This email (and the linked wiki page) come out of a meeting a few months ago
> where a small group of folks tried to look at the early draft on
> http://openidconnect.com/ and reconcile it with current implementations
> (outside of OpenID) as well as near term needs moving forward. I'd
> really recommend taking a look at the wiki page
> (http://wiki.openid.net/Future-OpenID-Technical-Requirements) as the list
> captures most of the gaps and questions which have been identified.
> There really seem to be two big unknowns that jump out at me:
> 1) Discovery. While the early proposal included one possibility we had hoped
> to see progress on an OAuth 2.0 discovery and unregistered clients spec.
> WebFinger also seems to be a bit up in the air.
> 2) Upgrade path from OpenID 2.0. It's patently clear that there must be a
> seamless upgrade path for people who have been signing into a site using
> OpenID 2.0 once their server starts to support OpenID Connect. While this is
> quite achievable, no real technical effort has been put into figuring out
> the details yet.
> What else jumps out at you as major areas of work?
> Thanks,
> --David
>
> ---------- Forwarded message ----------
> From: Allen Tom <atom at yahoo-inc.com>
> Date: Mon, Jun 21, 2010 at 6:58 PM
> Subject: Requirements discussion of OpenID Future
> To: OpenID Specs Mailing List <specs at openid.net>
>
>
> Hi All,
>
> There¹s been a lot of discussion the past few weeks around specific
> technical proposals focused on moving OpenID forward. We wanted to take a
> step back and make sure that we understand the problems that there are broad
> consensus around solving over the next six to nine months. While there has
> also been some discussion around use cases and charters, there hasn¹t yet
> been broad consensus.
>
> Today Yahoo!, Google, and Facebook met with some of the authors of Artifact
> Binding, the OpenID Connect proposal, and OAuth 2.0 to discuss our specific
> future requirements. We put together a summary document of 20+ items that
> we would like to see and wanted to start a discussion around them. Today
> helped to verify our instinct that we could achieve these OpenID goals by
> layering features on top of OAuth 2.0 while specifically maintaining the
> decentralized nature of OpenID.
>
> After this discussion it seems that the Connect work group charter can
> encompass this work and thus provides a mailing list and IPR policy to work
> on these items. Facebook, Google, and Yahoo! expect to be able to sign the
> contributor agreements for the OpenID Connect working group relatively soon.
>
> We hope that other OpenID community members and organizations will provide
> feedback on how this list compares to their needs and/or get involved in
> flushing out the technical details.
>
> Here's the list of features that we would like to see implemented in a
> future version of OpenID:
>
> http://wiki.openid.net/Future-OpenID-Technical-Requirements
>
> Feedback and discussion is more than welcome!
>
> Allen
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>
> _______________________________________________
> openid-specs-connect mailing list
> openid-specs-connect at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-connect
>
>
--
--Breno
More information about the openid-specs-connect
mailing list