Consolidated Delegate Proposal

Dick Hardt dick at sxip.com
Wed Oct 18 07:31:30 UTC 2006


Thanks Drummond, I think that clarifies where we are for me
somewhat ... I have some thoughts on how we might move forward on
bringing those world views in line that I will share tomorrow.

Having looked over my recent posts, I am clearly not writing crisp,  
clear text at this point this evening.

-- Dick

On 18-Oct-06, at 12:02 AM, Drummond Reed wrote:

> I don't think anything is missing from your previous posts, nor do I think
> you've missed anything from others' previous posts. I think we've discussed
> this issue thoroughly from all sides.
>
> As you say, "It is a different way of thinking about what OpenID is doing".
> In other words, it's a worldview thing. One worldview is that the IdP should
> handle all delegation/synonym management. Another worldview is that the RP
> can handle it in certain use cases and the IdP in others. The first
> worldview requires only one identifier parameter. The latter worldview works
> better with two.
>
> When it comes down to a conflict in worldviews, there's no point in further
> technical debate. We just have to vote and move on.
>
> =Drummond
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of Dick Hardt
> Sent: Tuesday, October 17, 2006 10:59 PM
> To: Recordon, David
> Cc: specs at openid.net
> Subject: Re: Consolidated Delegate Proposal
>
> I don't see there being general consensus.
>
> I think Chris Drake was supportive of there being less disclosure as
> well.
>
> Josh said it could be any of the three, but preferred two parameters.
>
> Brad did not really care.
>
> I do care and would like to see direct criticism on the explanation I
> wrote about how the protocol works.
>
> It is a different way of thinking about what OpenID is doing, and I
> think it is a useful view that makes it simpler. The RP does not need
> to worry about the delegation mechanism. There is only one identifier
> moving around. The concept that there is an RP identifier and an IdP
> identifier is not needed.
>
> What is missing from my previous posts? Throw me a bloody bone here
> so that I know what I am missing.
>
> -- Dick
>
>
> On 17-Oct-06, at 3:20 PM, Recordon, David wrote:
>
>> I'm also echoing what Josh has said.  There has been significant
>> discussion on this issue and there seems to be general consensus,
>> excluding Sxip, that the protocol should have two parameters.
>>
>> --David
>>
>> -----Original Message-----
>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>> Behalf Of Josh Hoyt
>> Sent: Tuesday, October 17, 2006 5:24 PM
>> To: Dick Hardt
>> Cc: specs at openid.net
>> Subject: Re: Consolidated Delegate Proposal
>>
>> On 10/17/06, Dick Hardt <dick at sxip.com> wrote:
>>>> 2. It is explicit what is going on from an implementation and
>>>> specification perspective
>>>
>>> And I see the opposite. What the RP sends the IdP is just a hint.
>>> What the IdP sends the RP is authoritative.
>>> I see having two parameters as implying more meaning than is really
>>> there.
>>
>> The IdP sending two identifiers *in the response* is the important part.
>> The IdP is only authoritative *if discovery says it is*. There is no
>> more meaning to the response than "I am asserting that when you do
>> discovery, you will find that this information is true." What other
>> meaning do you see?
>>
>>> Did you read what I wrote? Was there something you did not
>>> understand?
>>
>>> Perhaps you can point out what you disagree about what I wrote?
>>
>> It's possible that I misinterpreted "the RP is figuring them out
>> anyway." I took this as questioning why two identifiers is an
>> improvement over the current (delegate only) model.
>>
>> My answer to this question was "it is explicit what is going on from an
>> implementation and specification perspective." This statement was
>> motivated by implementation experience and experience writing about this
>> issue in OpenID 2 drafts. I believe that the two identifier approach
>> will be easier.
>>
>> I also believe that if I had spent the time that I've spent arguing
>> about this issue in documentation and implementation, the world would be
>> better off, regardless of which of the three viable options for
>> identifier portability had been chosen.
>>
>> I repeat, ALL THREE OPTIONS ARE VIABLE. There are trade-offs for all of
>> them. You know which trade-offs I'd make. I know which ones you'd make.
>> We just need to make a decision so that we can spend our energy and time
>> on things that will make a difference to end-users. This is my last word
>> on this list about this issue, unless there is significant insight. I am
>> not going to change my votes.
>>
>> If you want to discuss it more off-list, I'm willing, but I think that'd
>> just be wasting both of our time.
>>
>> Josh
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>>
>
