[OIDFSC] OpenID v.Next Discovery Working Group Proposal

Nat Sakimura n-sakimura at nri.co.jp
Tue May 25 07:15:31 UTC 2010 

>From the "commoner's" perspective, hg.openid.net and
bitbucket.org/openid is somewhat different. Whether "openid" is in the
"authority" segment or not makes the difference.

For tools, wiki is sub-optimal for issue tracking. For that matter, I
agree that bitbucket.org's issue tracking neither comes to my
expectation, but at least, I would not have to set a server up or create
new identity. I can reuse my openid.

Ideally, it should be something that allows us to:

- Use OpenID to login
- Track the changes.
- Issue should be assigned
- the expected end date
- person in charge
- status

This will greately simplify our lives. Wiki is not so good for these
when many issues starts to accumulate. FYI, I use redmine for my day job
projects and are fairly good, but it is not a hosted solution.

=nat

(2010/05/25 13:05), David Recordon wrote:
> Or continue using BitBucket without a custom domain. I'm all for
> tools, but mercurial.openid.net <http://mercurial.openid.net> versus
> bitbucket.com/openid <http://bitbucket.com/openid> doesn't feel like a
> large difference.
>
>
> On Mon, May 24, 2010 at 9:09 PM, Dick Hardt <dick.hardt at gmail.com
> <mailto:dick.hardt at gmail.com>> wrote:
>
>     While I am a fan of using tools to simplify our lives, I am
>     concerned that we have setup a number of tools that seemed like a
>     good idea and did not get utilized.
>     I am fearful that community members will spend time on a new tool,
>     only to be disappointed in lack of use.
>
>     How about we just use the wiki we have now to create a document we
>     can all edit?
>
>     -- Dick
>
>     On 2010-05-24, at 7:24 PM, Nat Sakimura wrote:
>
>     > There are various plans, but since OIDF is primarily operating
>     in public,
>     > I should think that "Amateur" plan would suffice. It is US$5/mo.
>     > The limitation is that it can only have one private repository,
>     > but that should be ok.
>     >
>     > =nat
>     >
>     > (2010/05/25 1:56), Brian Kissel wrote:
>     >> What is the cost? The Tech Committee has some budget.
>     >>
>     >> Cheers,
>     >>
>     >> Brian
>     >> ___________
>     >>
>     >> Brian Kissel
>     >> CEO - JanRain, Inc.
>     >> bkissel at janrain.com <mailto:bkissel at janrain.com>
>     >> Mobile: 503.342.2668 | Fax: 503.296.5502
>     >> 519 SW 3rd Ave. Suite 600 Portland, OR 97204
>     >>
>     >> Increase registrations, engage users, and grow your brand with
>     RPX. Learn
>     >> more at www.rpxnow.com <http://www.rpxnow.com>
>     >>
>     >>
>     >> -----Original Message-----
>     >> From: openid-specs-bounces at lists.openid.net
>     <mailto:openid-specs-bounces at lists.openid.net>
>     >> [mailto:openid-specs-bounces at lists.openid.net
>     <mailto:openid-specs-bounces at lists.openid.net>] On Behalf Of Nat
>     Sakimura
>     >> Sent: Monday, May 24, 2010 8:05 AM
>     >> To: Johannes Ernst
>     >> Cc: OpenID Specs Mailing List
>     >> Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group
>     Proposal
>     >>
>     >> Good idea.
>     >>
>     >> I can setup a project under bitbucket.org/openid/
>     <http://bitbucket.org/openid/> (shall we upgrade to
>     >> non-free version
>     >> so that we get it under openid.net <http://openid.net>?) and it
>     has a rudimentary bug
>     >> tracking system.
>     >> It can be used by logging in by OpenID.
>     >>
>     >> =nat
>     >>
>     >> On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst
>     >> <jernst+openid.net <http://openid.net>@netmesh.us
>     <http://netmesh.us>> wrote:
>     >>
>     >>> Allen, combining what you just wrote with what Brian said on
>     the board
>     >>> mailing list about MRDs -- perhaps it would make sense to set
>     up a "bug
>     >>> tracking system" of some kind and use that to drive spec
>     evolution?
>     >>> On May 23, 2010, at 18:56, Allen Tom wrote:
>     >>>
>     >>> Hi Johannes,
>     >>>
>     >>> There isn't a document summarizing the deficiencies with
>     OpenID 2.0
>     >>> discovery - I think it would be very useful for the WG and for the
>     >>>
>     >> Community
>     >>
>     >>> if we wrote this down
>     >>>
>     >>> Off the top of my head, some of the problems are:
>     >>>
>     >>> Yadis discovery is very vague as to exactly how the RP is
>     supposed to
>     >>>
>     >> fetch
>     >>
>     >>> the OP's discovery document. Should it send the magic Accept
>     header?
>     >>>
>     >> Look
>     >>
>     >>> for the X-XRDS-Location header in the response? Do HTML
>     discovery? In
>     >>> practice, many implementers have had problems implementing
>     discovery
>     >>>
>     >> because
>     >>
>     >>> there are too many ways to do it
>     >>> Speaking of Yadis, the specs need to be revised, and it's
>     unclear how to
>     >>>
>     >> go
>     >>
>     >>> about doing this
>     >>> Because a compromised discovery document can result in the
>     complete
>     >>> breakdown in OpenID security - it's important that we find ways to
>     >>>
>     >> increase
>     >>
>     >>> the security of discovery - perhaps it can be signed? Moved
>     into DNS?
>     >>> Discovery is hard to implement - the majority of the code in
>     OpenID
>     >>> libraries is to implement discovery. We can probably simplify
>     discovery
>     >>>
>     >> to
>     >>
>     >>> require less code to implement
>     >>> Delegation is a really useful feature in OpenID - it was pretty
>     >>> straightforward in OpenID 1.1, but is very confusing (to say
>     the least)
>     >>>
>     >> in
>     >>
>     >>> OpenID 2.0 - we can probably do something in discovery to make
>     >>>
>     >> delegation
>     >>
>     >>> work better
>     >>> The infamous NASCAR problem could possibly be helped by discovery
>     >>> The infamous phishing problem could also possibly be helped by
>     discovery
>     >>> LRDD, host-meta, and webfinger are pretty interesting - we
>     should see
>     >>>
>     >> how
>     >>
>     >>> OpenID can leverage these new specs
>     >>>
>     >>> I'm sure that there are more issues with OpenID 2.0 discovery.
>     Anyone
>     >>>
>     >> else
>     >>
>     >>> want to take a stab at it?
>     >>>
>     >>> Allen
>     >>>
>     >>>
>     >>> On 5/21/10 7:55 PM, "Johannes Ernst"<jernst+openid.net
>     <http://openid.net>@netmesh.us <http://netmesh.us>>
>     >>>
>     >> wrote:
>     >>
>     >>> On May 21, 2010, at 19:28, Allen Tom wrote:
>     >>>
>     >>> ... there's universal consensus that the existing OpenID 2.0
>     discovery
>     >>> mechanism is very deficient ...
>     >>>
>     >>> Is there a summary somewhere of this "universal consensus" of
>     >>>
>     >> deficiencies?
>     >>
>     >>> Thanks,
>     >>>
>     >>>
>     >>> Johannes Ernst
>     >>> NetMesh Inc.
>     >>>
>     >>>
>     >>>
>     >>>
>     >>>
>     >>>
>     >>> _______________________________________________
>     >>> specs mailing list
>     >>> specs at lists.openid.net <mailto:specs at lists.openid.net>
>     >>> http://lists.openid.net/mailman/listinfo/openid-specs
>     >>>
>     >>>
>     >>>
>     >>
>     >>
>     >>
>     >
>     >
>     > --
>     > Nat Sakimura (n-sakimura at nri.co.jp <mailto:n-sakimura at nri.co.jp>)
>     > Nomura Research Institute, Ltd.
>     > Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
>     >
>     > 本メールに含まれる情報は機密情報であり、宛先に記載されている方の
>     みに送信することを意図しております。意図された受取人以外の方による
>     これらの情報の開示、複製、再配布や転送など一切の利用が禁止されてい
>     ます。誤って本メールを受信された場合は、申し訳ございませんが、送信
>     者までお知らせいただき、受信されたメールを削除していただきますよう
>     お願い致します。
>     > PLEASE READ:
>     > The information contained in this e-mail is confidential and
>     intended for the named recipient(s) only.
>     > If you are not an intended recipient of this e-mail, you are
>     hereby notified that any review, dissemination, distribution or
>     duplication of this message is strictly prohibited. If you have
>     received this message in error, please notify the sender
>     immediately and delete your copy from your system.
>     >
>     >
>     > _______________________________________________
>     > specs mailing list
>     > specs at lists.openid.net <mailto:specs at lists.openid.net>
>     > http://lists.openid.net/mailman/listinfo/openid-specs
>
>     _______________________________________________
>     specs mailing list
>     specs at lists.openid.net <mailto:specs at lists.openid.net>
>     http://lists.openid.net/mailman/listinfo/openid-specs
>
>


-- 
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd. 
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547

本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100525/4eb3b52e/attachment.html>

More information about the specs mailing list