Subject: Fwd: OpenID 2.1
FYI copied Johannes, Eran, and David on this.

I see the openID community is united on this initiative.

=jbradley

Begin forwarded message:

> From: Johannes Ernst <jernst@netmesh.us>
> Date: September 17, 2008 5:03:45 PM PDT (CA)
> To: John Bradley <john.bradley@wingaa.com>
> Cc: Recordon David <recordond@gmail.com>, Eran Hammer-Lahav <eran@hueniverse.com>
> Subject: Re: OpenID 2.1
>
> I have to say that I don't feel qualified to have an opinion on this.
>
> The right group of people would be the specification's council, perhaps?
>
> On Sep 17, 2008, at 12:15 , John Bradley wrote:
>
>> Thoughts on openID 2.1 and XRI as an extension.
>>
>> The more or less common view of extensions is that they are features exposed by the OP in the XRDS document.
>>
>> The authentication methods themselves can be thought of as extensions.
>>
>> SAML-SSO and others can be described in the XRDS and used to provide a binding between the user and the meta-data resource.
>>
>> In the case where:
>> 1. An OP supports making an assertion about the claimed_ID as an XRI or as a http: URI.
>> 2. The RP wants to choose on the format it presents the openid.claimed_id and openid.identity to the OP in.
>>
>> I can see that described as an extension in the XRDS.
>>
>> The extension notion is more problematic when it comes to the Discovery.
>>
>> Should openID have optional discovery mechanisms?
>>
>> We currently have a number of options in 2.0
>> 1. Rel links in a http document (Non XRDS)
>> 2. An X-XRDS-Location header with a http(s) URI indicating the location of the XRDS
>> 3. An HTML head element containing a <meta> element with a http-equiv attribute equal to X-XRDS-Location where the content is a http(s) URI indicating the location of the XRDS
>> 4. An HTTP GET request containing an Accept header specifying content type application/xrds+xml. Returning the XRDS.
>> 5. XRI resolution.
>>
>> At one point there was the notion of a Yadis ID and that ID http(s) or XRI had some number of authentication services associated with it.
>>
>> I think there are two questions to be asked.
>> 1. What is the discovery protocol or protocols that openID RPs will support?
>> 2. What identifiers will openID the authentication protocol support?
>>
>> Currently other than for discovery openID 2.0 largely treats identifiers as opaque strings.
>>
>> The XRI notion of polymorphism is currently achieved by using the CID as the claimed_id however most clients strip the fragment from the claimed_id and use it for display.
>>
>> The 2.0 spec also specifies that the claimed_id and the identity sent to the OP must be the same unless there is a LocalID in the XRDS.
>>
>> This prevents OPs from displaying the iName the user input at the RP.
>>
>> Some of the advantages of XRI just are not represented in the basic concepts of the 2.0 spec.
>>
>> The only way to leave room for XRI or other identifier formats in the core spec would be to make all of the identifiers abstract, allow for the claimed_id to be different from the current login identifier etc.
>>
>> If that abstraction is not part of the core spec then we are better off giving up on polymorphism for openID RPs and treat all XRI as HXRI for the purpose of openID and make the new version of XRDS-Simple discovery end HXRI proxy discovery equivalent for openID.
>> OpenID treats them all as https: URI and call it a day.
>>
>> I will throw out the heretical idea that Discovery and authentication ought to be separate but modular specs.
>>
>> The RP of the future supports a Discovery Protocol for identifiers.
>> That discovery protocol supports some number of authentication mechanisms.
>> The RP selects the best authentication protocol for its purposes.
>>
>> XRI is in the identifier and meta-data discovery for "non-information resources" business.
>>
>> XRI identifiers have abstraction qualities not easily achieved with http: identifiers.
>>
>> The question is will there be a higher level identity abstraction for RPs that deals with oAuth, openID, SAML-SSO, LID, info-card?
>>
>> Things to think about for tomorrow's call.
>>
>> John Bradley
>> =jbradley
>>
>> PS Johannes can be right about some things:)
>
> Johannes Ernst
> NetMesh Inc.
>
> http://netmesh.info/jernst
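The five OpenID 2.0 discovery options listed in the quoted message, as an added example that is not part of the thread: a relying-party-side classifier that reports which mechanism a given identifier and HTTP response would trigger. The function names are hypothetical, and the precedence (XRDS-based results before HTML rel links), the `<head>`-only scan and the http(s)-only check on XRDS locations are this example's reading of OpenID 2.0, not something the thread specifies.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

XRI_GCS = ("=", "@", "+", "$", "!", "(")  # leading characters that mark an XRI

class _HeadScan(HTMLParser):  # collects discovery hints from inside <head> only
    def __init__(self):
        super().__init__()
        self.in_head, self.meta_xrds, self.provider = False, None, None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("head", "body"):
            self.in_head = tag == "head"
        elif self.in_head and tag == "meta":
            if a.get("http-equiv", "").lower() == "x-xrds-location":
                self.meta_xrds = self.meta_xrds or a.get("content")
        elif self.in_head and tag == "link":
            if "openid2.provider" in a.get("rel", "").lower().split():
                self.provider = self.provider or a.get("href")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def _http_url(value):  # value if it is an absolute http(s) URL, else None
    parts = urlsplit(value or "")
    return value if parts.scheme in ("http", "https") and parts.netloc else None

def classify_discovery(identifier, headers, body):
    """Return (mechanism, location) for an identifier and its HTTP response."""
    ident = identifier[6:] if identifier.lower().startswith("xri://") else identifier
    if ident.startswith(XRI_GCS):
        return ("xri-resolution", ident)              # option 5
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("content-type", "").split(";")[0].strip().lower() == "application/xrds+xml":
        return ("xrds-document", identifier)          # option 4
    if _http_url(h.get("x-xrds-location")):
        return ("xrds-header", h["x-xrds-location"])  # option 2
    scan = _HeadScan()
    scan.feed(body)
    if _http_url(scan.meta_xrds):
        return ("xrds-meta", scan.meta_xrds)          # option 3
    if _http_url(scan.provider):
        return ("html-rel", scan.provider)            # option 1
    return ("none", None)

if __name__ == "__main__":  # constructed response; the ftp: header is ignored
    page = '<head><meta http-equiv="X-XRDS-Location" content="https://id.example/xrds"></head>'
    print(classify_discovery("https://id.example/", {"X-XRDS-Location": "ftp://id.example/x"}, page))
```

Markup placed in the page body, such as a user-supplied `<link rel="openid2.provider">` in a comment field, is ignored because only `<head>` content is scanned.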