New Charter for AX 1.1

John Bradley john.bradley at wingaa.com
Thu Nov 19 15:26:15 UTC 2009 

AX 1.1 is intended to address some immediate problems with AX while AX 2.0 work is being done.

AX 1.0 is missing a way to specify the RP's privacy policy.  This was in SREG but was left out of AX.

AX 1.0 is also missing a standard set of URI for representing the SREG attributes.  
There are at least three different sets of URI used by different OP's.

Yahoo would like to see the standard AX URI be shorter to minimize problems with POST.

Addressing these simple issues can provide real value immediately.

We wanted to separate the short term from the longer term issues.

John B.

On 2009-11-19, at 12:11 PM, Santosh Rajan wrote:

> My apologies, If i am going to ask what may be two dumb questions. I haven't been following the AX/Sreg discussions. 
> 1) Why are we having both AX 1.1 and 2.0 discussions. We might as well straight go for 2.0 if 1.1 is not yet out? Maybe I must have missed the fact that 1.1 release is imminent?
> 2) If OpenID 2.0 is going to use resource descriptors for discovery, can we not use the same resource descriptor format for AX request and response? After all, attributes are also resources, and we can can have a consistent resource format across 2.0?
> Thanks,
> 
> 
> On Thu, Nov 19, 2009 at 8:19 PM, John Bradley <john.bradley at wingaa.com> wrote:
> Nat,
> 
> I understand why people want a fetch parameter.  I would like it, or something like it as well.
> 
> However I think that is AX 2.0 work.
> 
> Anything that requires code changes at the RP will slow adoption.
> 
> I think we should limit AX 1.1 to practical things we can accomplish through config changes at the RP.
> 
> Yes OP's will need some changes.
> 
> My argument is adoption if code changes are required RP's will tend to wait for AX 2.0.
> 
> There is also the slippery slope argument.   Why make a code change that for fetch as opposed to something else.   
> 
> I also have a suspicion that to do fetch properly at the RP it will require rethinking a bunch of things to use it.
> 
> I think we should add 1 Privacy Policy and 1 TOS in the RP's XRDS,  and define the SREG compatible AX attributes (short if possible).  
> 
> I think fetch and the RP sending more specific Privacy policy are AX 2.0 features.
> 
> I am uncharacteristically making an argument for practicality.
> Fix what we can quickly, and have it implemented by those that want it in weeks not years.
> 
> John B.
> 
> On 2009-11-19, at 1:21 AM, Nat Sakimura wrote:
> 
>> Hi.
>> 
>> 
>> 
>> 
>> To separate out the 2.0 and 1.1 discussion, I have created a new
>> separate charter for AX 1.1
>> 
>> 
>> 
>> https://openid.pbworks.com/OpenID_Attribute_Exchange_Extention_1_1
>> 
>> 
>> 
>> Regards, 
>> 
>> 
>> 
>> =nat
>> 
>> _______________________________________________
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs
> 
> 
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
> 
> 
> 
> 
> -- 
> http://hi.im/santosh
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20091119/5b98a2cd/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20091119/5b98a2cd/attachment.bin>

More information about the specs mailing list