[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OpenID 2.1
Thanks for taking the time to dig into this and I look forward to talking to all of you pretty soon. Some thoughts inline...
On Wed, Sep 17, 2008 at 3:15 PM, John Bradley <firstname.lastname@example.org> wrote:
Thoughts on openID 2.1 and XRI as an extension.
I'll agree that is how extensions have been written today, but I don't see why it has to be that way. Every existing extension is already an interaction between the RP and OP with many being initiated by the RP. While not extensions, services like BotBouncer are clearly focused toward RPs.
The authentication methods themselves can be thought of as extensions.
In the case where:
I suppose, though I have the feeling something like this would still be quite a ways off.
The extension notion is more problematic when it comes to the Discovery.
Yes, many different options with some being adopted and others not. I think we must look at how these different methods are being adopted.
At one point there was the notion of a Yadis ID and that ID http(s) or XRI had some number of authentication services associated with it.
Agreed, OpenID Auth 2.0 today doesn't do a good job supporting all of the features offered by XRIs. I unfortunately don't see this radically changing in the core specification until XRI shows that it is really going to be adopted for consumer identity online.
The only way to leave room for XRI or other identifier formats in the core spec would be to make all of the identifiers abstract, allow for the claimed_id to be different from the current login identifier etc.
That might be the best approach. In anycase, breaking XRI support out into an extension allows it to be revised and evolved at a different rate than the core specification.
I will throw out the heretical idea that Discovery and authentication aught to be separate but modular specs.
We've talked about this in the past though I see it dramatically increasing the scope of OpenID Auth 2.1 and making it more difficult for 95% of implementors to follow the specification.
The RP of the future supports a Discovery Protocol for identifiers.
I like that sort of model, though don't think we're quite there yet. :)
XRI is in the identifier and meta-data discovery for "non-information resources" business.