Requirements discussion of OpenID Future

Nat sakimura at gmail.com
Wed Aug 18 00:04:14 UTC 2010 

Right. I am currently waiting for the text update on the Magic Sigs so that I can include it. Then, as David suggested, I probably should add a section describing how it should be used ib the flows. 

=nat @ Tokyo via iPhone

On 2010/08/18, at 2:50, Breno de Medeiros <breno at google.com> wrote:

> We also need to keep tabs on the OAuth2 signature effort -- make sure
> that the spec writing/editorial process there is not stuck.
> 
> On Mon, Aug 16, 2010 at 22:33, David Recordon <recordond at gmail.com> wrote:
>> This email (and the linked wiki page) come out of a meeting a few months ago
>> where a small group of folks tried to look at the early draft on
>> http://openidconnect.com/ and reconcile it with current implementations
>> (outside of OpenID) as well as near term needs moving forward. I'd
>> really recommend taking a look at the wiki page
>> (http://wiki.openid.net/Future-OpenID-Technical-Requirements) as the list
>> captures most of the gaps and questions which have been identified.
>> There really seem to be two big unknowns that jump out at me:
>> 1) Discovery. While the early proposal included one possibility we had hoped
>> to see progress on an OAuth 2.0 discovery and unregistered clients spec.
>> WebFinger also seems to be a bit up in the air.
>> 2) Upgrade path from OpenID 2.0. It's patently clear that there must be a
>> seamless upgrade path for people who have been signing into a site using
>> OpenID 2.0 once their server starts to support OpenID Connect. While this is
>> quite achievable, no real technical effort has been put into figuring out
>> the details yet.
>> What else jumps out at you as major areas of work?
>> Thanks,
>> --David
>> 
>> ---------- Forwarded message ----------
>> From: Allen Tom <atom at yahoo-inc.com>
>> Date: Mon, Jun 21, 2010 at 6:58 PM
>> Subject: Requirements discussion of OpenID Future
>> To: OpenID Specs Mailing List <specs at openid.net>
>> 
>> 
>> Hi All,
>> 
>> There¹s been a lot of discussion the past few weeks around specific
>> technical proposals focused on moving OpenID forward. We wanted to take a
>> step back and make sure that we understand the problems that there are broad
>> consensus around solving over the next six to nine months. While there has
>> also been some discussion around use cases and charters, there hasn¹t yet
>> been broad consensus.
>> 
>> Today Yahoo!, Google, and Facebook met with some of the authors of Artifact
>> Binding, the OpenID Connect proposal, and OAuth 2.0 to discuss our specific
>> future requirements.  We put together a summary document of 20+ items that
>> we would like to see and wanted to start a discussion around them.  Today
>> helped to verify our instinct that we could achieve these OpenID goals by
>> layering features on top of OAuth 2.0 while specifically maintaining the
>> decentralized nature of OpenID.
>> 
>> After this discussion it seems that the Connect work group charter can
>> encompass this work and thus provides a mailing list and IPR policy to work
>> on these items. Facebook, Google, and Yahoo! expect to be able to sign the
>> contributor agreements for the OpenID Connect working group relatively soon.
>> 
>> We hope that other OpenID community members and organizations will provide
>> feedback on how this list compares to their needs and/or get involved in
>> flushing out the technical details.
>> 
>> Here's the list of features that we would like to see implemented in a
>> future version of OpenID:
>> 
>> http://wiki.openid.net/Future-OpenID-Technical-Requirements
>> 
>> Feedback and discussion is more than welcome!
>> 
>> Allen
>> 
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs
>> 
>> 
>> _______________________________________________
>> openid-specs-connect mailing list
>> openid-specs-connect at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-connect
>> 
>> 
> 
> 
> 
> -- 
> --Breno
> _______________________________________________
> openid-specs-connect mailing list
> openid-specs-connect at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-connect

More information about the openid-specs-connect mailing list