Don't be a cheap skate Brian Kissel.<br><br><div class="gmail_quote">On Mon, May 24, 2010 at 10:26 PM, Brian Kissel <span dir="ltr"><<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">What is the cost? The Tech Committee has some budget.<br>
<br>
Cheers,<br>
<br>
Brian<br>
___________<br>
<br>
Brian Kissel<br>
CEO - JanRain, Inc.<br>
<a href="mailto:bkissel@janrain.com">bkissel@janrain.com</a><br>
Mobile: 503.342.2668 | Fax: 503.296.5502<br>
519 SW 3rd Ave. Suite 600 Portland, OR 97204<br>
<br>
Increase registrations, engage users, and grow your brand with RPX. Learn<br>
more at <a href="http://www.rpxnow.com" target="_blank">www.rpxnow.com</a><br>
<div class="im"><br>
<br>
-----Original Message-----<br>
From: <a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a><br>
</div><div><div></div><div class="h5">[mailto:<a href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a>] On Behalf Of Nat Sakimura<br>
Sent: Monday, May 24, 2010 8:05 AM<br>
To: Johannes Ernst<br>
Cc: OpenID Specs Mailing List<br>
Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal<br>
<br>
Good idea.<br>
<br>
I can setup a project under <a href="http://bitbucket.org/openid/" target="_blank">bitbucket.org/openid/</a> (shall we upgrade to<br>
non-free version<br>
so that we get it under <a href="http://openid.net" target="_blank">openid.net</a>?) and it has a rudimentary bug<br>
tracking system.<br>
It can be used by logging in by OpenID.<br>
<br>
=nat<br>
<br>
On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst<br>
<jernst+<a href="http://openid.net" target="_blank">openid.net</a>@<a href="http://netmesh.us" target="_blank">netmesh.us</a>> wrote:<br>
> Allen, combining what you just wrote with what Brian said on the board<br>
> mailing list about MRDs -- perhaps it would make sense to set up a "bug<br>
> tracking system" of some kind and use that to drive spec evolution?<br>
> On May 23, 2010, at 18:56, Allen Tom wrote:<br>
><br>
> Hi Johannes,<br>
><br>
> There isn't a document summarizing the deficiencies with OpenID 2.0<br>
> discovery - I think it would be very useful for the WG and for the<br>
Community<br>
> if we wrote this down<br>
><br>
> Off the top of my head, some of the problems are:<br>
><br>
> Yadis discovery is very vague as to exactly how the RP is supposed to<br>
fetch<br>
> the OP's discovery document. Should it send the magic Accept header?<br>
Look<br>
> for the X-XRDS-Location header in the response? Do HTML discovery? In<br>
> practice, many implementers have had problems implementing discovery<br>
because<br>
> there are too many ways to do it<br>
> Speaking of Yadis, the specs need to be revised, and it's unclear how to<br>
go<br>
> about doing this<br>
> Because a compromised discovery document can result in the complete<br>
> breakdown in OpenID security - it's important that we find ways to<br>
increase<br>
> the security of discovery - perhaps it can be signed? Moved into DNS?<br>
> Discovery is hard to implement - the majority of the code in OpenID<br>
> libraries is to implement discovery. We can probably simplify discovery<br>
to<br>
> require less code to implement<br>
> Delegation is a really useful feature in OpenID - it was pretty<br>
> straightforward in OpenID 1.1, but is very confusing (to say the least)<br>
in<br>
> OpenID 2.0 - we can probably do something in discovery to make<br>
delegation<br>
> work better<br>
> The infamous NASCAR problem could possibly be helped by discovery<br>
> The infamous phishing problem could also possibly be helped by discovery<br>
> LRDD, host-meta, and webfinger are pretty interesting - we should see<br>
how<br>
> OpenID can leverage these new specs<br>
><br>
> I'm sure that there are more issues with OpenID 2.0 discovery. Anyone<br>
else<br>
> want to take a stab at it?<br>
><br>
> Allen<br>
><br>
><br>
> On 5/21/10 7:55 PM, "Johannes Ernst" <jernst+<a href="http://openid.net" target="_blank">openid.net</a>@<a href="http://netmesh.us" target="_blank">netmesh.us</a>><br>
wrote:<br>
><br>
> On May 21, 2010, at 19:28, Allen Tom wrote:<br>
><br>
> ... there's universal consensus that the existing OpenID 2.0 discovery<br>
> mechanism is very deficient ...<br>
><br>
> Is there a summary somewhere of this "universal consensus" of<br>
deficiencies?<br>
><br>
> Thanks,<br>
><br>
><br>
> Johannes Ernst<br>
> NetMesh Inc.<br>
><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> specs mailing list<br>
> <a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
> <a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
><br>
><br>
<br>
<br>
<br>
--<br>
Nat Sakimura (=nat)<br>
<a href="http://www.sakimura.org/en/" target="_blank">http://www.sakimura.org/en/</a><br>
<a href="http://twitter.com/_nat_en" target="_blank">http://twitter.com/_nat_en</a><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><a href="http://hi.im/santosh">http://hi.im/santosh</a><br><br><br>