+1 Allen/John<br><br><div class="gmail_quote">On Fri, May 28, 2010 at 11:35 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Nat -<br>
<br>
The high level strawman proposal that John Bradley and I briefly discussed<br>
was:<br>
<br>
1) return the user's OpenID 2.0 identifier as an attribute in the Connect<br>
assertion (along with the new Connect ID)<br>
<br>
2) Update the OpenID 2.0 discovery document for the identifier to list the<br>
OpenID Connect endpoint as a "connect/openid2" migration service. Connect<br>
RPs are supposed to perform OpenID 2.0 discovery on the OpenID 2.0<br>
identifier to make sure that the Connect OP is also authoritative for the<br>
OpenID 2.0 identifier<br>
<br>
Implementing #1 and #2 will allow an existing OpenID 2.0 RP that already has<br>
OpenID 2.0 users to migrate their existing users to Connect without<br>
requiring users to auth twice during the migration process.<br>
<br>
Does anyone see a problem with this approach?<br>
<font color="#888888"><br>
Allen<br>
</font><div class="im"><br>
<br>
On 5/27/10 7:06 PM, "Nat Sakimura" <<a href="mailto:sakimura@gmail.com">sakimura@gmail.com</a>> wrote:<br>
<br>
><br>
><br>
> My suggestion here is to include both the old and new identifier in a<br>
> signed assertion,<br>
> with a sunset set for the old identifier. It could be either OpenID<br>
> assertion or XRDS.<br>
> If it is in the OpenID assertion, it is done.<br>
><br>
> If it got the old identifier as an attribute of the identity that the<br>
> new identifier points to,<br>
> RP can then do the Discovery on the old known<br>
> identifier and get back the XRDS which includes both the old and new<br>
> identifier.<br>
><br>
> What do you think?<br>
<br>
</div><div><div></div><div class="h5">
</div></div></blockquote></div><br>
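The RP-side check from step 2 of the quoted proposal, as an added example that is not code from the thread or from any OpenID specification: before linking an existing account, the RP confirms that the XRDS document discovered for the OpenID 2.0 identifier lists the Connect endpoint that issued the assertion. Assumptions: the service Type is the literal string "connect/openid2" (the thread names it but defines no URI), the hosts and the XRDS document are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
# Assumption: the thread only names this service; no Type URI was ever defined.
MIGRATION_TYPE = "connect/openid2"

# Constructed XRDS, as OpenID 2.0 discovery on the old identifier might return it.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <URI>https://op.example.com/openid2/auth</URI>
    </Service>
    <Service priority="10">
      <Type>connect/openid2</Type>
      <URI>https://op.example.com/connect</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def _endpoint_key(url):
    """Normalise an https endpoint to (host, port, path); None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port or 443
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return (parts.hostname.lower(), port, parts.path or "/")

def op_is_authoritative(xrds_text, connect_endpoint):
    """True only if the XRDS discovered for the OpenID 2.0 identifier lists
    connect_endpoint under a Service of the migration type."""
    wanted = _endpoint_key(connect_endpoint)
    if wanted is None or "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        return False  # non-https endpoint, or DTD/entities in untrusted XML
    try:
        root = ET.fromstring(xrds_text)
    except ET.ParseError:
        return False
    for svc in root.iter(XRD_NS + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text}
        uris = [u.text for u in svc.findall(XRD_NS + "URI") if u.text]
        if MIGRATION_TYPE in types and any(_endpoint_key(u) == wanted for u in uris):
            return True
    return False
```

The XRDS must be fetched by the RP itself through discovery on the OpenID 2.0 identifier it already has on record, never taken from the assertion, since the assertion is the thing being checked.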