Specifying identifier recycling
Johannes Ernst
jernst+openid.net at netmesh.us
Sun Jun 3 05:45:17 UTC 2007
I wasn't in that session (as far as I recall ;-)) so I don't know
either what was agreed on, or who agreed, or for what reasons ... the
thread so far does not look like it was a very stable agreement ;-)
On Jun 2, 2007, at 22:11, Johnny Bufu wrote:
>
> On 2-Jun-07, at 5:14 PM, Recordon, David wrote:
>> I'd like to see this written as an
>> extension so that if the first approach doesn't work, the Auth spec
>> itself doesn't have to be "reverted. Rather we can finish 2.0 and
>> try
>> implementing different approaches before deciding on the final way to
>> solve this problem.
>
> I thought we had agreed at IIW (for good reason) to address this in
> 2.0. Other than the actual solution not being 100% clear, has
> anything changed?
>
> Arguments for not putting it into an extension:
> - users of provider's X who employs 'identifier recycling
> extension' would not be able to log into RP Y who doesn't
> understand the extension
> - it's likely that whatever solution we come up with affects the
> discovery / verification processes, in which case it couldn't be
> pushed to an extension (we're trying to patch something about the
> _identifier_ itself, which is the center of each openid transaction).
>
>
> Also, I believe the fragment approach can actually work, as
> detailed here:
>
> http://openid.net/pipermail/specs/2007-May/001767.html
>
> I haven't seen any replies to this, so would appreciate if others
> would go through the proposed changes and see if they all makes
> sense of I've overlooked something.
>
>
> Thanks,
> Johnny
More information about the specs
mailing list