OASIS Mailing List Archives


xri message


Subject: Fwd: OpenID 2.1



FYI, copied Johannes, Eran, and David on this.

I see the openID community is united on this initiative.

=jbradley

Begin forwarded message:

> From: Johannes Ernst <jernst@netmesh.us>
> Date: September 17, 2008 5:03:45 PM PDT (CA)
> To: John Bradley <john.bradley@wingaa.com>
> Cc: Recordon David <recordond@gmail.com>, Eran Hammer-Lahav <eran@hueniverse.com>
> Subject: Re: OpenID 2.1
>
> I have to say that I don't feel qualified to have an opinion on this.
>
> The right group of people would be the specification's council, perhaps?
>
> On Sep 17, 2008, at 12:15 , John Bradley wrote:
>
>> Thoughts on openID 2.1 and XRI as an extension.
>>
>> The more or less common view of extensions is that they are features exposed by the OP in the XRDS document.
>>
>> The authentication methods themselves can be thought of as extensions.
>>
>> SAML-SSO and others can be described in the XRDS and used to provide a binding between the user and the meta-data resource.
>>
>> In the case where:
>> 1. An OP supports making an assertion about the claimed_ID as an XRI or as an http: URI.
>> 2. The RP wants to choose on the format it presents the openid.claimed_id and openid.identity to the OP in.
>>
>> I can see that described as an extension in the XRDS.
>>
>>
>> The extension notion is more problematic when it comes to the Discovery.
>>
>> Should openID have optional discovery mechanisms?
>>
>> We currently have a number of options in 2.0:
>> 1. Rel links in an http document (Non XRDS)
>> 2. An X-XRDS-Location header with an http(s) URI indicating the location of the XRDS
>> 3. An HTML head element containing a <meta> element with an http-equiv attribute equal to X-XRDS-Location where the content is an http(s) URI indicating the location of the XRDS
>> 4. An HTTP GET request containing an Accept header specifying content type application/xrds+xml. Returning the XRDS.
>> 5. XRI resolution.
>>
>> At one point there was the notion of a Yadis ID and that ID, http(s) or XRI, had some number of authentication services associated with it.
>>
>> I think there are two questions to be asked.
>> 1. What is the discovery protocol or protocols that openID RPs will support?
>> 2. What identifiers will openID the authentication protocol support?
>>
>> Currently, other than for discovery, openID 2.0 largely treats identifiers as opaque strings.
>>
>> The XRI notion of polymorphism is currently achieved by using the CID as the claimed_id; however, most clients strip the fragment from the claimed_id and use it for display.
>>
>> The 2.0 spec also specifies that the claimed_id and the identity sent to the OP must be the same unless there is a LocalID in the XRDS.
>>
>> This prevents OPs from displaying the iName the user input at the RP.
>>
>> Some of the advantages of XRI just are not represented in the basic concepts of the 2.0 spec.
>>
>> The only way to leave room for XRI or other identifier formats in the core spec would be to make all of the identifiers abstract, allow for the claimed_id to be different from the current login identifier etc.
>>
>> If that abstraction is not part of the core spec then we are better off giving up on polymorphism for openID RPs and treat all XRI as HXRI for the purpose of openID and make the new version of XRDS-Simple discovery and HXRI proxy discovery equivalent for openID.
>> OpenID treats them all as https: URI and call it a day.
>>
>>
>> I will throw out the heretical idea that Discovery and authentication ought to be separate but modular specs.
>>
>> The RP of the future supports a Discovery Protocol for identifiers.
>> That discovery protocol supports some number of authentication mechanisms.
>> The RP selects the best authentication protocol for its purposes.
>>
>> XRI is in the identifier and meta-data discovery for "non-information resources" business.
>>
>> XRI identifiers have abstraction qualities not easily achieved with http: identifiers.
>>
>> The question is will there be a higher level identity abstraction for RPs that deals with oAuth, openID, SAML-SSO, LID, info-card?
>>
>> Things to think about for tomorrow's call.
>>
>> John Bradley
>> =jbradley
>>
>> PS Johannes can be right about some things :)
>
> Johannes Ernst
> NetMesh Inc.
>
> http://netmesh.info/jernst
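
The first four discovery options listed in the quoted message, as an added example that is not part of the original thread or of any OpenID library: it classifies which option a fetched response satisfies and accepts only http(s) locations, as the list specifies. The precedence order (XRDS body, header, meta, rel link), the function names and the sample page are assumptions of this sketch, and option 5 (XRI resolution) is not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urlsplit

XRDS_TYPE = "application/xrds+xml"
# Constructed sample page: a rejected non-http(s) meta location plus a rel link.
SAMPLE_HTML = ('<html><head><meta http-equiv="X-XRDS-Location" content="file:///tmp/x">'
               '<link rel="openid2.provider" href="https://op.example/auth"></head></html>')

class HeadScan(HTMLParser):
    """Collect the X-XRDS-Location <meta> value and the openid2.provider rel link."""
    def __init__(self):
        super().__init__()
        self.meta_location = None
        self.provider = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.meta_location = a.get("content")
        elif tag == "link" and "openid2.provider" in a.get("rel", "").lower().split():
            self.provider = a.get("href")

def http_uri(value):
    """Return the value only if it is an absolute http(s) URI, else None."""
    value = (value or "").strip()
    parts = urlsplit(value)
    return value if parts.scheme in ("http", "https") and parts.netloc else None

def classify_discovery(headers, body):
    """Return (option number from the message's list, URI to fetch or use next)."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("content-type", "").split(";")[0].strip().lower() == XRDS_TYPE:
        return (4, None)                      # the response body is the XRDS itself
    loc = http_uri(h.get("x-xrds-location"))
    if loc:
        return (2, loc)                       # header points at the XRDS
    scan = HeadScan()
    scan.feed(body)
    loc = http_uri(scan.meta_location)
    if loc:
        return (3, loc)                       # <meta http-equiv> points at the XRDS
    op = http_uri(scan.provider)
    if op:
        return (1, op)                        # non-XRDS rel link names the OP endpoint
    return (None, None)

def display_form(claimed_id):
    """Drop the fragment, as the message says most clients do before display."""
    return urldefrag(claimed_id)[0]
```
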
