Wrapping Up Proposals

Recordon, David drecordon at verisign.com
Mon Oct 2 23:46:32 UTC 2006


Since it is now October, I'm looking to have us quickly wrap up the
proposals on the table and not add any additional (unless of course
things come up during implementations); though we shouldn't rush
discussion either.

Here is my read on the discussion thus far:
http://www.lifewiki.net/openid/OpenIDProposals

* IdP-supported Delegation
(http://openid.net/pipermail/specs/2006-September/000002.html)
	Postponed as it changes a fundamental way in which delegation is
architected in that currently the IdP has no way to know that delegation
is being performed

* Rename trust_root to realm
(http://openid.net/pipermail/specs/2006-September/000018.html)
	Accepted (+3, 0, -0) for draft 10, needs to be changed in the
spec.

* Remove SIGNALL
(http://openid.net/pipermail/specs/2006-September/000018.html)
	Accepted (+4, 0, -1) for draft 10, needs to be changed in the
spec.

* Standard multivalue parameter mechanism
(http://openid.net/pipermail/specs/2006-September/000139.html)
	Still being discussed, need feedback on Dick's follow-up at
http://openid.net/pipermail/specs/2006-October/000149.html

* Request nonce and name
(http://openid.net/pipermail/specs/2006-October/000149.html)
	Still being discussed, openid.nonce has been renamed to
openid.response_nonce for draft 10.  Agreement to keep the name "nonce",
little discussion on adding a request nonce.

* Authentication age
(http://openid.net/pipermail/specs/2006-September/000141.html)
	Still being discussed, varying opinions on if the spec mandates
this will IdPs cooperate.  Proposal of having it as an extension.

* Bare response / bare request
(http://openid.net/pipermail/specs/2006-September/000142.html)
	Still being discussed

My current interpretation of the discussions, is that if we want to try
and get something out this week then we should focus on a standard
multivalue parameter mechanism as well as deciding if we wish to add a
request nonce.  There does not seem to be agreement that the
authentication age proposal should be part of the core specification,
rather that it is better to start as an extension.  Also the bare
response / bare request proposal seems to require more discussion.

Agreement? Disagreement?

--David



More information about the specs mailing list