Summarizing Where We're At

Dick Hardt dick at sxip.com
Tue Oct 17 18:32:35 UTC 2006 

On 17-Oct-06, at 10:30 AM, Josh Hoyt wrote:

> On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
>> Josh, would you elaborate on the reasoning behind your votes so that
>> I (and others) understand?
>
> Sure. I'll try to be brief.

Thanks!

>
>> > On 10/15/06, Recordon, David <drecordon at verisign.com> wrote:
>> >> * Request Nonce and Name
>> > Take no action
>
> response_nonce is already in the spec [1]
>
> There is no other proposal to vote on, so no vote, no action

clarified, thanks

>
>> >> * Authentication Age
>> >>  - Re-proposed today adding clarity in motivation, general
>> >> consensus is
>> >> needed to add to specification.
>> >
>> > -1
>
> There is no reason for this to be in the core. I could make more
> arguments about it, but I'll stop there, unless there is consensus
> that it should go in the core.

Would you provide a reason to counter my justification:
	http://openid.net/pipermail/specs/2006-October/000433.html

Your vote is a -1, not a zero, so I would like to understand why.

>
>
>
>> >> * Remove setup_url
>> >>  - Little discussion and no general consensus to do so.  Rather  
>> seems
>> >> asking for feedback from checkid_immediate implementers on the
>> >> parameter
>> >> would be beneficial at this time.
>> >
>> > +1
>
> setup_url made the API for our libraries more complex. The relying
> party does not need it to know how to proceed when immediate mode
> fails.

Thanks.

>
>
>
>> >> * Consolidated Delegation Proposal
>> >>  - Very active discussion, the only proposal I'm willing to  
>> stall the
>> >> spec for.  Seems very important a strong conceptual model is
>> >> created at
>> >> this time.
>
> See the other 1000 messages about this topic.
>
>> > -0 on status quo (draft 10)
>
> The status quo works, but has some warts [2]
>
>> > +0 on single-identifier
>
> also has some warts (required IdP discovery, dependency on IdP support
> for portable identifiers),

would you clarify those two points

> but is less confusing than the status quo
>
>> > +1 on two-identifier
>
> two-identifier is explicit about what's going on without imposing any
> policy on the IdP. Easy to understand and specify. Minimal change from
> the current working system.

What policy is imposed on the IdP?

>
>
>
>> >> * Change Default session_type
>> >>  - Proposed, no discussion yet.
>> >
>> > Will address in separate message
>
> Mike Glover beat me to it [3]. I'd rather just make the session type a
> required parameter (no default)
>
>
>
>> >> * Bare Request
>> >>  - Proposed, no discussion yet.
>> >
>> > -0 (YAGNI)
>
> You Ain't Gonna Need It [4]

Well maybe YAGNI, but we have use cases that use it in prototype! :)

More information about the specs mailing list