<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Why does this have to involve the browser vendors<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> openid-specs-bounces@lists.openid.net [mailto:openid-specs-bounces@lists.openid.net] <b>On Behalf Of </b>Santosh Rajan<br><b>Sent:</b> Wednesday, May 19, 2010 1:12 AM<br><b>To:</b> David Recordon<br><b>Cc:</b> Martin Atkins; openid-specs@lists.openid.net; Blaine Cook<br><b>Subject:</b> Re: Connect spec updated<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>HA! BullShit!<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>You know what?. I am beginning to believe that we need get the browser vendors to the OpenID community. Yes Google and Microsoft are already here, but i don't think they are here in the capacity of "browser vendors". We also need the mozilla, opera, safari guys.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>And Mozilla has really been doing some good work in this area. Here is a link.<o:p></o:p></p></div><div><p class=MsoNormal><a href="https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest">https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Wed, May 19, 2010 at 1:25 PM, David Recordon <<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>> wrote:<o:p></o:p></p><p class=MsoNormal>Coming out of some conversations at IIW today I've made some changes to the proposal. Patch is attached, but they are:<o:p></o:p></p><div><p class=MsoNormal> - Allow passing in `user_id` as a hint when not using immediate mode in the request. <o:p></o:p></p></div><div><div><p class=MsoNormal> - Continue to allow users to enter URLs, email addresses, and click buttons but the returned user identifier must be a HTTPS URI.<o:p></o:p></p></div></div><div><p class=MsoNormal> - Include the expiration time within the signature.<o:p></o:p></p></div><div><p class=MsoNormal> - Clarify how you verify if the token endpoint is authoritative for a given user identifier.<o:p></o:p></p></div><div><p class=MsoNormal> - Simplify discovery by removing LRDD and using host-meta to determine the server token endpoint on a per domain (or sub-domain) basis. We're having a hard time finding use cases of running multiple different OpenID servers per domain.<o:p></o:p></p></div><div><p class=MsoNormal> - Remove the separate user info API endpoint and instead make the user identifiers a protected resource. Fetch the user identifier with an access token and it returns basic profile information as well as if the access token was issued by that specific user.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks for all of the feedback and support both virtually and in person! I'm planning to move this proposal into GitHub next week (and work with Eran to actually format it like a spec) so that changes are easier to keep track of.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='color:#888888'>--David<o:p></o:p></span></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>specs mailing list<br><a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br><a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'><br><br clear=all><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><o:p></o:p></p></div></div></body></html>