On 2/9/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> I appreciate any and all feedback!
For what it's worth I think that this is excellent. A couple of suggestions:
1) You probably should take a look at the URI Template spec [1].
These guys have done a lot of the work for you. The spec is sti
Hello list!
While reviewing our AX implementation, I came across a case where the
spec is not clear enough:
openid.ax.required
The value of this parameter is an attribute alias, or a list
of aliases corresponding to the URIs defined by
"openid.ax.type." parameters. The O
I chatted with Avery about this today.
URIs for specific auth methods as well as ones for general seems to
be the flexible approach.
Per Kim's laws, the method of auth may not be needed, so is extra
disclosure
On 8-Feb-07, at 11:38 PM, Recordon, David wrote:
> Maybe laws are meant to be br
Recordon, David wrote:
> I agree that things like age should be in an extension, though I think
> this single piece of data is useful in the core protocol. I'm sure the
> exact definition of phishing resistant will come back to bite us in
> sometime in the future, but lets deal with it then instea