Modularizing Auth 2.0 Discovery
Drummond Reed
drummond.reed at cordance.net
Wed Feb 28 21:28:07 UTC 2007
>>Drummond Reed wrote:
>>
>> Under this approach, discovery of all identifiers (URLs, XRI
>> i-names/i-numbers, email addresses, phone numbers, etc.) would be
>> handled by OpenID Discovery.
>>
>
>Martin Atkins wrote:
>
>I disagree that a single spec can contain discovery rules for all
>conceivable discovery types without becoming ridiculously big. The
>discovery rules in the current spec for just handling HTTP/HTTPS and XRI
>discovery are already big enough.

I'm not proposing a single spec for all discovery rules for all types of
identifiers forever. I am proposing a spec that:

1) Sets out the general framework and requirements for OpenID Discovery
because there is a lot that discovery for any identifier will have in common
(for example, the general rules around XRDS usage).

2) Includes sections for the specific identifier types that are already
well-known and implemented -- URLs and XRIs.

3) Specifies how extensions can be written for other identifiers, such as
email addresses, phone numbers, SIP endpoints, etc.

>However, I clearly have a bias for lots of small specs over one large
>spec, and clearly your bias is the opposite. :)

Why do you say that? I've been doing specs for a decade now both inside and
outside of SDOs, and I don't think anyone I've ever worked with would say,
"Drummond likes great big bulky specifications." In fact, they would tell
you I absolutely hate them. David and I did a joint paper/presentation on
OpenID at last fall's ACM conference and we specifically touted OpenID's
modular lightweight specification approach.

But more than anything I'm a big believer in Einstein's "as simple as possible
but no simpler". In this case, I believe the OpenID framework should have a
clear, cohesive discovery layer, and to do that, it should be anchored in an
OpenID Discovery spec.

=Drummond