Or continue using BitBucket without a custom domain. I'm all for tools, but <a href="http://mercurial.openid.net">mercurial.openid.net</a> versus <a href="http://bitbucket.com/openid">bitbucket.com/openid</a> doesn't feel like a large difference.<div>
<br><br><div class="gmail_quote">On Mon, May 24, 2010 at 9:09 PM, Dick Hardt <span dir="ltr"><<a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
While I am a fan of using tools to simplify our lives, I am concerned that we have setup a number of tools that seemed like a good idea and did not get utilized.<br>
I am fearful that community members will spend time on a new tool, only to be disappointed in lack of use.<br>
<br>
How about we just use the wiki we have now to create a document we can all edit?<br>
<font color="#888888"><br>
-- Dick<br>
</font><div><div></div><div class="h5"><br>
On 2010-05-24, at 7:24 PM, Nat Sakimura wrote:<br>
<br>
> There are various plans, but since OIDF is primarily operating in public,<br>
> I should think that "Amateur" plan would suffice. It is US$5/mo.<br>
> The limitation is that it can only have one private repository,<br>
> but that should be ok.<br>
><br>
> =nat<br>
><br>
> (2010/05/25 1:56), Brian Kissel wrote:<br>
>> What is the cost? The Tech Committee has some budget.<br>
>><br>
>> Cheers,<br>
>><br>
>> Brian<br>
>> ___________<br>
>><br>
>> Brian Kissel<br>
>> CEO - JanRain, Inc.<br>
>> <a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a><br>
>> Mobile: 503.342.2668 | Fax: 503.296.5502<br>
>> 519 SW 3rd Ave. Suite 600 Portland, OR 97204<br>
>><br>
>> Increase registrations, engage users, and grow your brand with RPX. Learn<br>
>> more at <a href="http://www.rpxnow.com" target="_blank">www.rpxnow.com</a><br>
>><br>
>><br>
>> -----Original Message-----<br>
>> From: <a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a><br>
>> [mailto:<a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a>] On Behalf Of Nat Sakimura<br>
>> Sent: Monday, May 24, 2010 8:05 AM<br>
>> To: Johannes Ernst<br>
>> Cc: OpenID Specs Mailing List<br>
>> Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal<br>
>><br>
>> Good idea.<br>
>><br>
>> I can setup a project under <a href="http://bitbucket.org/openid/" target="_blank">bitbucket.org/openid/</a> (shall we upgrade to<br>
>> non-free version<br>
>> so that we get it under <a href="http://openid.net" target="_blank">openid.net</a>?) and it has a rudimentary bug<br>
>> tracking system.<br>
>> It can be used by logging in by OpenID.<br>
>><br>
>> =nat<br>
>><br>
>> On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst<br>
>> <jernst+<a href="http://openid.net" target="_blank">openid.net</a>@<a href="http://netmesh.us" target="_blank">netmesh.us</a>> wrote:<br>
>><br>
>>> Allen, combining what you just wrote with what Brian said on the board<br>
>>> mailing list about MRDs -- perhaps it would make sense to set up a "bug<br>
>>> tracking system" of some kind and use that to drive spec evolution?<br>
>>> On May 23, 2010, at 18:56, Allen Tom wrote:<br>
>>><br>
>>> Hi Johannes,<br>
>>><br>
>>> There isn't a document summarizing the deficiencies with OpenID 2.0<br>
>>> discovery - I think it would be very useful for the WG and for the<br>
>>><br>
>> Community<br>
>><br>
>>> if we wrote this down<br>
>>><br>
>>> Off the top of my head, some of the problems are:<br>
>>><br>
>>> Yadis discovery is very vague as to exactly how the RP is supposed to<br>
>>><br>
>> fetch<br>
>><br>
>>> the OP's discovery document. Should it send the magic Accept header?<br>
>>><br>
>> Look<br>
>><br>
>>> for the X-XRDS-Location header in the response? Do HTML discovery? In<br>
>>> practice, many implementers have had problems implementing discovery<br>
>>><br>
>> because<br>
>><br>
>>> there are too many ways to do it<br>
>>> Speaking of Yadis, the specs need to be revised, and it's unclear how to<br>
>>><br>
>> go<br>
>><br>
>>> about doing this<br>
>>> Because a compromised discovery document can result in the complete<br>
>>> breakdown in OpenID security - it's important that we find ways to<br>
>>><br>
>> increase<br>
>><br>
>>> the security of discovery - perhaps it can be signed? Moved into DNS?<br>
>>> Discovery is hard to implement - the majority of the code in OpenID<br>
>>> libraries is to implement discovery. We can probably simplify discovery<br>
>>><br>
>> to<br>
>><br>
>>> require less code to implement<br>
>>> Delegation is a really useful feature in OpenID - it was pretty<br>
>>> straightforward in OpenID 1.1, but is very confusing (to say the least)<br>
>>><br>
>> in<br>
>><br>
>>> OpenID 2.0 - we can probably do something in discovery to make<br>
>>><br>
>> delegation<br>
>><br>
>>> work better<br>
>>> The infamous NASCAR problem could possibly be helped by discovery<br>
>>> The infamous phishing problem could also possibly be helped by discovery<br>
>>> LRDD, host-meta, and webfinger are pretty interesting - we should see<br>
>>><br>
>> how<br>
>><br>
>>> OpenID can leverage these new specs<br>
>>><br>
>>> I'm sure that there are more issues with OpenID 2.0 discovery. Anyone<br>
>>><br>
>> else<br>
>><br>
>>> want to take a stab at it?<br>
>>><br>
>>> Allen<br>
>>><br>
>>><br>
>>> On 5/21/10 7:55 PM, "Johannes Ernst"<jernst+<a href="http://openid.net" target="_blank">openid.net</a>@<a href="http://netmesh.us" target="_blank">netmesh.us</a>><br>
>>><br>
>> wrote:<br>
>><br>
>>> On May 21, 2010, at 19:28, Allen Tom wrote:<br>
>>><br>
>>> ... there's universal consensus that the existing OpenID 2.0 discovery<br>
>>> mechanism is very deficient ...<br>
>>><br>
>>> Is there a summary somewhere of this "universal consensus" of<br>
>>><br>
>> deficiencies?<br>
>><br>
>>> Thanks,<br>
>>><br>
>>><br>
>>> Johannes Ernst<br>
>>> NetMesh Inc.<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> specs mailing list<br>
>>> <a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
>>> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
>>><br>
>>><br>
>>><br>
>><br>
>><br>
>><br>
><br>
><br>
> --<br>
> Nat Sakimura (<a href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>)<br>
> Nomura Research Institute, Ltd.<br>
> Tel:+81-3-6274-1412 Fax:+81-3-6274-1547<br>
><br>
> �$BK\%a!<%k$K4^$^$l$k>pJs$O5!L)>pJs$G$"$j!"08@h$K5-:\$5$l$F$$$kJ}$N$_$KAw?.$9$k$3$H$r0U?^$7$F$*$j$^$9!#0U?^$5$l$?<u<h?M0J30$NJ}$K$h$k$3$l$i$N>pJs$N3+<(!"J#@=!":FG[I[$dE>Aw$J$I0l@Z$NMxMQ$,6X;_$5$l$F$$$^$9!#8m$C$FK\%a!<%k$r<u?.$5$l$?>l9g$O!"?=$7Lu$4$6$$$^$;$s$,!"Aw?.<T$^$G$*CN$i$;$$$?$@$-!"<u?.$5$l$?%a!<%k$r:o=|$7$F$$$?$@$-$^$9$h$&$*4j$$CW$7$^$9!#�(B<br>
> PLEASE READ:<br>
> The information contained in this e-mail is confidential and intended for the named recipient(s) only.<br>
> If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.<br>
><br>
><br>
> _______________________________________________<br>
> specs mailing list<br>
> <a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</div></div></blockquote></div><br></div>