John, <div><br></div><div>You changed the topic of this thread. </div><div>This thread was about artifact binding, not about Government LoA. </div><div>That's another thread :-)</div><div><br></div><div>Yes, Artifact helps LoA, but it is not only that. </div>
<div>It helps the mobile space immensely. </div><div><br></div><div>=nat<br><br><div class="gmail_quote">On Fri, Aug 14, 2009 at 2:00 AM, John Bradley <span dir="ltr"><<a href="mailto:jbradley@mac.com">jbradley@mac.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word">Chris<div><br></div><div>I think we are agreeing. OpenID needs to play to it's strengths. Chasing shiny things is tempting.</div>
<div><br></div><div>We need to carefully consider the impact of changes. </div><div><br></div><div>That is not to say that openID shouldn't evolve. </div><div><br></div><div>There are always tradeoffs. </div><div>
<br></div><div>Remember that a GSA LoA 2 or 3 profile is focused on the Gov accepting the assertions for specific uses.</div><div><br></div><div>Other people are free to make there own determinations for other use cases.</div>
<div><br></div><div>I am interested in finding out if IdP really want to be certified at LoA 2 with all of the extra identity proofing, liability and other things that go with that.</div><div><br></div><div>A LoA 2 certification for a IdP involves a lot more than just tweaking some protocol peaces.</div>
<div><br></div><div>Are there OPs that want that?</div><div><br></div><div>John B.<div><div></div><div class="h5"><br><div><div>On 13-Aug-09, at 9:11 AM, Chris Messina wrote:</div><br><blockquote type="cite">On Thu, Aug 13, 2009 at 8:34 AM, John Bradley <span dir="ltr"><<a href="mailto:jbradley@mac.com" target="_blank">jbradley@mac.com</a>></span> wrote:<br>
<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Some may ask if we add artifact binding, signatures and encryption are we not reinventing SAML Web SSO, or something of equal complexity?</blockquote>
</div><br>I would like to know more about this, but my instinct is always to say "NO" for as long as possible when any new feature will a) introduce complexity and b) stifle or impair potential adoption.<div> <br>
</div><div>That we've come as far as we have is a feat; maintaining that momentum is critical — and that means making good on the promise of what OpenID offers *today* — and only extending it with real world examples where people are implementing kludges (en masse) to serve a common need.<br clear="all">
<br></div><div>Chris</div><div><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com" target="_blank">http://factoryjoe.com</a><br>Follow me on Twitter: <a href="http://twitter.com/chrismessina" target="_blank">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com" target="_blank">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org" target="_blank">http://diso-project.org</a><br>OpenID Foundation: <a href="http://openid.net" target="_blank">http://openid.net</a><br>
<br>This email is: [ ] bloggable [X] ask first [ ] private<br> </div></blockquote></div><br></div></div></div></div><br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
</div>