Summarizing Where We're At
Josh Hoyt
josh at janrain.com
Mon Oct 16 18:21:10 UTC 2006
Here are my reactions to what's outstanding:
On 10/15/06, Recordon, David <drecordon at verisign.com> wrote:
> * Request Nonce and Name
> - Has been partially implemented, openid.nonce ->
> openid.response_nonce, no agreement on the need of a request nonce
> specifically, rather discussion has evolved into allowing a RP to pass
> "appdata" like in Yahoo's BBAuth. No formal proposal on the table yet,
> thus will not be included in this version.
Take no action
> * Authentication Age
> - Re-proposed today adding clarity in motivation, general consensus is
> needed to add to specification.
-1
> * Remove setup_url
> - Little discussion and no general consensus to do so. Rather seems
> asking for feedback from checkid_immediate implementers on the parameter
> would be beneficial at this time.
+1
> * Consolidated Delegation Proposal
> - Very active discussion, the only proposal I'm willing to stall the
> spec for. Seems very important a strong conceptual model is created at
> this time.
-0 on status quo (draft 10)
+0 on single-identifier
+1 on two-identifier
> * Change Default session_type
> - Proposed, no discussion yet.
Will address in separate message
> * Bare Request
> - Proposed, no discussion yet.
-0 (YAGNI)
Josh
More information about the specs
mailing list