Consolidated Delegate Proposal

Recordon, David drecordon at verisign.com
Tue Oct 17 22:20:21 UTC 2006


I'm also echoing what Josh has said.  There has been significant
discussion on this issue and there seems to be general consensus,
excluding Sxip, that the protocol should have two parameters.

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Josh Hoyt
Sent: Tuesday, October 17, 2006 5:24 PM
To: Dick Hardt
Cc: specs at openid.net
Subject: Re: Consolidated Delegate Proposal

On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
> > 2. It is explicit what is going on from an implementation and 
> > specification perspective
>
> And I see the opposite. What the RP sends the IdP is just a hint.
> What the IdP sends the RP is authoritative.
> I see having two parameters as implying more meaning than is really 
> there.

The IdP sending two identifiers *in the response* is the important part.
The IdP is only authoritative *if discovery says it is*. There is no
more meaning to the response than "I am asserting that when you do
discovery, you will find that this information is true." What other
meaning do you see?

> Did you read what I wrote? Was there something you did not understand?

> Perhaps you can point out what you disagree about what I wrote?

It's possible that I misinterpreted "the RP is figuring them out
anyway." I took this as questioning why two identifiers is an
improvement over the current (delegate only) model.

My answer to this question was "it is explicit what is going on from an
implementation and specification perspective." This statement was
motivated by implementation experience and experience writing about this
issue in OpenID 2 drafts. I believe that the two identifier approach
will be easier.

I also believe that if I had spent the time that I've spent arguing
about this issue in documentation and implementation, the world would be
better off, regardless of which of the three viable options for
identifier portability had been chosen.

I repeat, ALL THREE OPTIONS ARE VIABLE. There are trade-offs for all of
them. You know which trade-offs I'd make. I know which ones you'd make.
We just need to make a decision so that we can spend our energy and time
on things that will make a difference to end-users. This is my last word
on this list about this issue, unless there is significant insight. I am
not going to change my votes.

If you want to discuss it more off-list, I'm willing, but I think that'd
just be wasting both of our time.

Josh