<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; border-collapse: collapse; ">I think enough people want to do artifact binding, including Google. <div>All the mobile carriers in Japan want to do it as well. </div>
<div>So what is stopping us? </div><div><br></div><div>It is probably the "process". </div><div><br></div><div>It is way top heavy. </div><div><br></div><div>Why did they need to create OAuth on their own IPR regime? </div>
<div>Because, OpenID did not move fast enough. </div><div><br></div><div>Can we move fast enough? No. With the current process, we just cannot. </div><div>It probably is more practical to start the discussion in Kantara, OASIS, or IETF. </div>
<div>OIDF is the most heavyweight and slowest of all. </div><div><br></div><div>We will start seeing a cavitation phenomenon on OpenID soon if we do not change our course quickly. </div><div><br></div><div>Nat</div></span><br>
<div class="gmail_quote">On Fri, Aug 14, 2009 at 12:34 AM, John Bradley <span dir="ltr"><<a href="mailto:jbradley@mac.com">jbradley@mac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word">Nat,<div><br></div><div>You can do identity-less OpenID checkid_immediate requests to invoke extensions like AX.</div><div><br></div><div>That doesn't let you piggyback AX on an association request though.</div>
<div><br></div><div>I am sympathetic to your problem of wanting an artifact binding for OpenID.</div><div><br></div><div>The reality is that we need to create an artifact binding in 2.1 rather than try to slip it through some loose wording in the 2.0 spec.</div>
<div><br></div><div>OpenID 2.0 doesn't support artifact binding.</div><div><br></div><div>If it did then that would have helped me with the LoA 2 justification. </div><div><br></div><div>Artifact binding will add complexity and not everyone will support it.</div>
<div><br></div><div>Some may ask, if we add artifact binding, signatures and encryption, are we not reinventing SAML Web SSO, or something of equal complexity?</div><div><br></div><div>I am not against doing it if that is the chosen direction. However, I would like to see a full and open discussion on it.</div>
<div><br></div><div>John B.</div><div><br><div><div>On 13-Aug-09, at 8:03 AM, <a href="mailto:openid-specs-request@lists.openid.net" target="_blank">openid-specs-request@lists.openid.net</a> wrote:</div><br><blockquote type="cite">
<span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="font-family:monospace">Date: Fri, 14 Aug 2009 00:03:12 +0900<br>
From: Nat Sakimura <<a href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>><br>Subject: Re: So, what is an OpenID Extension?<br>To: James Henstridge <<a href="mailto:james@jamesh.id.au" target="_blank">james@jamesh.id.au</a>><br>
Cc: OpenID Specs Mailing List <<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a>><br>Message-ID:<br><span style="white-space:pre">        </span><<a href="mailto:bf26e2340908130803h390947eya0f6af01c65daee5@mail.gmail.com" target="_blank">bf26e2340908130803h390947eya0f6af01c65daee5@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br><br>Hmmm. So, there is no way we can do direct communication in an extension? What<br>I want to do is to send the large payload directly between the servers and<br>
move only the reference through the OpenID Authn request and response so that<br><br>1) mobile clients will not choke.<br>2) it is going to be more secure.<br><br>In AX, there is a notion of update_url, but is that also used only for<br>
indirect communication through the browser?<br><br>I feel that it is extremely limiting if we cannot do the server-to-server<br>communication.<br><br>If that is not a possibility, then I should probably do the server-to-server<br>
portion elsewhere, and just do the reference/artifact moving through OpenID<br>AuthN, but that sounds like OpenID strangling itself.<br><br>=nat<br></span></span></blockquote></div><br></div></div><br>_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
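<div>The split that Nat asks about in the quoted message, reference through the browser and payload directly between the servers, as an added illustration that is not part of this thread, of OpenID 2.0, or of any OIDF draft: a toy OP stores the large attribute payload and puts only an opaque, single-use, short-lived artifact bound to one RP into the authentication response; the RP then dereferences the artifact over an authenticated back channel. The parameter name <code>openid.ext1.artifact</code>, the per-RP shared secret and the HMAC check on the back-channel call are assumptions made for the example, not protocol text.</div>

```python
# Added illustration of the artifact-binding pattern discussed in the thread:
# the browser (front channel) carries only an opaque reference, while the large
# payload moves directly between OP and RP (back channel). Toy model, not OpenID
# 2.0; "openid.ext1.artifact", the per-RP secret and the HMAC are assumptions.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

ARTIFACT_TTL_SECONDS = 60  # artifacts are deliberately short-lived


def _mac(secret: bytes, requester: str, art: str) -> str:
    """Authenticate a back-channel resolve call: binds caller identity to one artifact."""
    return hmac.new(secret, f"{requester}|{art}".encode(), hashlib.sha256).hexdigest()


@dataclass
class OpenIDProvider:
    """Hypothetical OP: keeps the payload server-side, hands the browser only a reference."""
    rp_secrets: Dict[str, bytes]                        # assumed pre-shared per RP (e.g. an association)
    _store: Dict[str, dict] = field(default_factory=dict)

    def issue_artifact(self, payload: dict, audience: str, now: Optional[float] = None) -> str:
        art = secrets.token_urlsafe(32)                 # 256 random bits; the artifact carries no data
        self._store[art] = {"payload": payload, "aud": audience,
                            "exp": (now or time.time()) + ARTIFACT_TTL_SECONDS}
        return art

    def resolve(self, art: str, requester: str, mac: str, now: Optional[float] = None) -> Optional[dict]:
        """Back-channel endpoint: authenticate first, then release the payload exactly once."""
        secret = self.rp_secrets.get(requester)
        if secret is None or not hmac.compare_digest(_mac(secret, requester, art), mac):
            return None                                 # unauthenticated: reveal nothing, keep the artifact
        record = self._store.pop(art, None)             # pop => any second attempt (replay) fails
        if record is None or record["aud"] != requester or (now or time.time()) > record["exp"]:
            return None                                 # unknown, wrong audience, or expired
        return record["payload"]


@dataclass
class RelyingParty:
    """Hypothetical RP: gets the artifact via the browser, dereferences it server-to-server."""
    name: str
    secret: bytes

    def fetch_payload(self, op: OpenIDProvider, authn_response: dict,
                      now: Optional[float] = None) -> Optional[dict]:
        art = authn_response.get("openid.ext1.artifact")   # assumed parameter name
        if not art:
            return None
        return op.resolve(art, self.name, _mac(self.secret, self.name, art), now=now)


def run_exchange() -> dict:
    """One front-channel/back-channel round trip plus the checks that must fail."""
    rp_secret, other_secret = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed
    op = OpenIDProvider(rp_secrets={"https://rp.example/": rp_secret,
                                    "https://other.example/": other_secret})
    rp = RelyingParty("https://rp.example/", rp_secret)
    other_rp = RelyingParty("https://other.example/", other_secret)
    forger = RelyingParty("https://rp.example/", secrets.token_bytes(32))   # right name, wrong secret
    t0 = 1_250_000_000.0                                 # fixed clock for a deterministic walkthrough

    # Constructed large attribute payload of the kind that would choke a mobile client.
    payload = {"email": "user@example.org",
               "attributes": {"attr%d" % i: "v" * 64 for i in range(50)}}

    # Front channel: only the reference travels inside the authentication response.
    art = op.issue_artifact(payload, audience=rp.name, now=t0)
    authn_response = {"openid.mode": "id_res", "openid.ext1.artifact": art}

    results = {"front_channel_bytes": len(art), "payload_bytes": len(str(payload))}
    results["forged"] = forger.fetch_payload(op, authn_response, now=t0 + 1)     # bad MAC, artifact kept
    results["first_fetch"] = rp.fetch_payload(op, authn_response, now=t0 + 1)    # legitimate dereference
    results["replay"] = rp.fetch_payload(op, authn_response, now=t0 + 2)         # already consumed

    art2 = op.issue_artifact(payload, audience=rp.name, now=t0)
    results["wrong_rp"] = other_rp.fetch_payload(op, {"openid.ext1.artifact": art2}, now=t0 + 1)

    art3 = op.issue_artifact(payload, audience=rp.name, now=t0)
    results["expired"] = rp.fetch_payload(op, {"openid.ext1.artifact": art3},
                                          now=t0 + ARTIFACT_TTL_SECONDS + 1)
    return results


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, "->", "payload released" if isinstance(value, dict) else value)
```

<div>The security of the pattern rests on three properties the toy enforces: the artifact is unguessable and carries no data, so its exposure in the front channel reveals nothing; it is consumed on first successful resolve, so a replay yields nothing; and the back-channel call is authenticated and audience-checked, so neither an unauthenticated caller nor a different RP can redeem it. Whether this belongs in 2.1, and whether it is worth the complexity John raises, is the discussion above; the code only shows what the mechanism minimally has to do.</div>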