Summarizing Where We're At
Josh Hoyt
josh at janrain.com
Tue Oct 17 17:30:19 UTC 2006
On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
> Josh, would you elaborate on the reasoning behind your votes so that
> I (and others) understand?
Sure. I'll try to be brief.
> > On 10/15/06, Recordon, David <drecordon at verisign.com> wrote:
> >> * Request Nonce and Name
> >> - Has been partially implemented, openid.nonce ->
> >> openid.response_nonce, no agreement on the need of a request nonce
> >> specifically, rather discussion has evolved into allowing a RP to pass
> >> "appdata" like in Yahoo's BBAuth. No formal proposal on the table yet,
> >> thus will not be included in this version.
> >
> > Take no action
response_nonce is already in the spec [1]
There is no other proposal to vote on, so no vote, no action
> >> * Authentication Age
> >> - Re-proposed today adding clarity in motivation, general consensus is
> >> needed to add to specification.
> >
> > -1
There is no reason for this to be in the core. I could make more
arguments about it, but I'll stop there, unless there is consensus
that it should go in the core.
> >> * Remove setup_url
> >> - Little discussion and no general consensus to do so. Rather seems
> >> asking for feedback from checkid_immediate implementers on the parameter
> >> would be beneficial at this time.
> >
> > +1
setup_url made the API for our libraries more complex. The relying
party does not need it to know how to proceed when immediate mode
fails.
> >> * Consolidated Delegation Proposal
> >> - Very active discussion, the only proposal I'm willing to stall the
> >> spec for. Seems very important a strong conceptual model is created at
> >> this time.
See the other 1000 messages about this topic.
> > -0 on status quo (draft 10)
The status quo works, but has some warts [2]
> > +0 on single-identifier
also has some warts (required IdP discovery, dependency on IdP support
for portable identifiers), but is less confusing than the status quo
> > +1 on two-identifier
two-identifier is explicit about what's going on without imposing any
policy on the IdP. Easy to understand and specify. Minimal change from
the current working system.
> >> * Change Default session_type
> >> - Proposed, no discussion yet.
> >
> > Will address in separate message
Mike Glover beat me to it [3]. I'd rather just make the session type a
required parameter (no default)
> >> * Bare Request
> >> - Proposed, no discussion yet.
> >
> > -0 (YAGNI)
You Ain't Gonna Need It [4]
Josh
1. http://openid.net/svn/listing.php?repname=specifications&path=%2F&rev=38&sc=1
2. http://openid.net/pipermail/specs/2006-October/000357.html
3. http://openid.net/pipermail/specs/2006-October/000481.html
4. http://www.google.com/search?q=yagni&btnI=1