Sounds good to me!
On Jul 22, 2009, at 5:23 PM, John Bradley wrote:
+1 I think that advertising the extension itself is a good practice.
A RP may prefer OPs that support the extension over ones that don't.
That is the case for PAPE now as an example.
With XRD most of that will be described i
Should this experimental namespace only apply to work being done by
OpenID working groups? I'm very supportive of pushing the standards
forward via prototypes, but that should be done as part of the OpenID
community instead of by a single company.
I'd be very happy to help get a discovery
Yeah, it was meant to be included with the value of an empty string.
--David
On Jun 17, 2009, at 10:56 AM, Andrew Arnott wrote:
A space-delimited list of no elements is the empty string. So I'd
say (and DNOA is coded such that) it cannot be omitted, but may be
empty.
--
Andrew Arnott
"I [
tcher wrote:
Will these lists be open for reading to the community? I'd like to
keep up with what's happening in both these groups.
Thanks,
George
David Recordon wrote:
Once the working groups are approved and someone is willing to
moderate new members on the list to make sure
m I responsible
for collecting the contribution agreements myself?
Allen
David Recordon wrote:
Once the working groups are approved and someone is willing to
moderate new members on the list to make sure they've signed
contribution agreements before posting, I can make the list i
Once the working groups are approved and someone is willing to
moderate new members on the list to make sure they've signed
contribution agreements before posting, I can make the list itself.
--David
On Jun 11, 2009, at 6:21 PM, Allen Tom wrote:
Hi Nat,
How does one create a mailing list?
The specs list feels like a better home for this thread. :)
--David
- "Nat Sakimura" wrote:
> Hi all:
>
> At XRI TC of OASIS Open, we are talking about the signing method for XRD.
> The current trend in the TC is that to use a constrained form of XML DSig,
> which is found in the SAM
Hey Breno,
I think this is a good point and judging from this thread already,
there seems to be a group of people really interested in working on
discovery for OpenID. If we can frame the working group in the right
way (David Fuelling framed it well as "I guess I'm more of the opinion
tha
Hey David,
I've been following some of the discovery work the past few months,
but don't have a clear picture if the various components are actually
solid enough to begin working with. I know XRD is moving forward, but
what's the state of site-meta (http://tools.ietf.org/html/draft-nottingh
Does it make more sense to use a PAPE policy requesting a pseudonymous
identifier or an AX attribute requesting one? Any of these approaches
would work, I just don't think we've mapped out the pros/cons of each.
--David
On May 13, 2009, at 8:44 AM, George Fletcher wrote:
I don't think Open
Agreed. RP requests a pseudonymous identifier and it's up to the OP
to figure out how to make one and ideally communicate back to the RP
that it did so.
--David
On May 13, 2009, at 9:41 AM, Andrew Arnott wrote:
Agreed. There is no reason for OpenID to mandate how pseudononymous
identifi
d.net/pipermail/specs/2009-February/002726.html
Brad Fitzpatrick - http://openid.net/pipermail/specs/2009-February/002729.html
David Recordon - http://openid.net/pipermail/specs/2009-February/002731.html
Dick Hardt - http://openid.net/pipermail/specs-council/2009-February/000115.html
Johnny Bufu -
g on an ad-hoc basis.
Basis for completion of the activity
The OpenID User Interface Extension 1.0 final draft is completed.
Proposers
* Allen Tom, a...@yahoo-inc.com, Yahoo!
* Brian Ellin, br...@janrain.com, Janrain
* David Recordon, da...@sixapart.com, Six Apart
* Chris M
Agreed with Allen, let's modernize SREG so that the spec matches how
people are using it already with 2.0 though point people to using AX
instead. I'd prefer this happen within the same WG.
--David
On Feb 3, 2009, at 3:20 PM, Allen Tom wrote:
Hi Dick,
I'll be happy to add language to the
;OpenID Trusted data eXchange Extention
Specification (draft)", Oct. 2008. [TX2008].
- "David Recordon" wrote:
> The Specifications Council recommends that the Foundation members
> approve the creation of the Contract Exchange Extension working group
> (http://openid.n
Unless there are any objections, I will change this voting period to match that
of the CX working group where the vote will open Saturday February 14th.
--David
- "David Recordon" wrote:
> The Specifications Council recommends that the Foundation members approve the
>
The Specifications Council recommends that the Foundation members approve the
creation of the Contract Exchange Extension working group
(http://openid.net/pipermail/specs-council/2009-January/000110.html), as
proposed below and found at
http://wiki.openid.net/Working_Groups%3AContract_Exchange_
that maximal consensus
on the protocol proposal has been achieved within the working group,
consistent with the purpose and scope.
Proposers
* Ben Laurie, b...@google.com, Google
* Breno de Medeiros, br...@google.com, Google
* David Recordon, drecor...@sixapart.com, Six Apart
*
+1
On Jan 27, 2009, at 6:30 PM, Allen Tom wrote:
I agree with Martin. I believe that AX is the correct solution in
the long run, but given that there appears to be more SREG
implementations currently in the wild, we should update it to make
it useful for sites that want to use it.
The ot
This has been on my list to kick to the specs council but I've also been
waiting for Dick to reengage since he's been such a core driver of the AX spec
in the past. :)
--David
- "Nat Sakimura" wrote:
>
>
>
> On Sat, Jan 24, 2009 at 4:02 AM, Breno de Medeiros < br...@google.com >
> w
Hi Faisal,
While this is most likely a permissions issue between PHP and your filesystem,
I doubt that you'll receive an answer on this mailing list. The
specs@openid.net mailing list is designed to discuss the OpenID specifications
themselves. You can try reposting to gene...@openid.net though
I'd advocate for waiting until all of the discovery work occurring in
OASIS, IETF, and W3C shakes out before we make changes to how OpenID
discovery works. I'd much rather make this sort of change once rather
than twice.
--David
On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote:
I’m just
#cSpecificationCouncilIssues
>
>
>
> It may be that all the Specs Council members agree with your four points
> below, in which case you can just wholesale copy them into the wiki page.
> However it is very important that the Specs Council come to it's own
> consensus
ould add an appendix noting that changes in discovery to
>> support new use cases are coming, and pointers on how to manage the
>> transition.
>>
>>
>>
>> On Mon, Dec 22, 2008 at 10:27 AM, David Recordon > > wrote:
>>> Agreed with Breno here.
e-
>> From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On
>> Behalf Of Breno de Medeiros
>> Sent: Thursday, December 18, 2008 6:14 PM
>> To: OpenID Specs Mailing List
>> Cc: David Recordon; Brian Eaton; Johannes Ernst
>> Subject: Proposal to form
PROTECTED], Nomura Research Institute, Ltd.
(iii) Anticipated Contributions:
* Sakimura, N., et. al "OpenID Trusted data eXchange Extention
Specification (draft)", Oct. 2008. [TX2008].
On Wed, Nov 12, 2008 at 6:39 AM, David Recordon <[EMAIL PROTECTED]
> wrote:
Just wanted
We now have a wiki page for Working Groups!
http://wiki.openid.net/Working_Groups
I've listed the current PAPE WG as well as the groups that I know have
been proposed. I've also filled in the draft charter for the Auth 2.1
group at http://wiki.openid.net/Working_Groups:Auth_2.1.
If you're
I believe that the charter should now reflect the proposed changes.
You can view it at http://wiki.openid.net/Working_Groups:Auth_2.1.
Please let me know if not.
Thanks,
--David
On Nov 11, 2008, at 12:46 PM, David Recordon wrote:
> Yep, thanks! I'll be sending out a new charter
I certainly want to see us push the world to implementing AX instead
of SREG, though agree with Mart that there are existing
interoperability problems with SREG that would be nice to fix given
that large OPs are still implementing it in a broken fashion. I'd see
no issue with including in
Yeah, the latest draft is at
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-05.html
.
On Nov 25, 2008, at 2:21 AM, Martin Paljak wrote:
> Right. I was lazy and google directed me to 1.0-02 as the first
> response ...
>
> m.
> On 25.11.2008, at 12:03, Nat wrote:
>
>
Just wanted to add that Nat is running a session on TX at IIW this
afternoon. We should definitly chat about the needs being expressed
in this thread and how they might be able to be solved with OpenID.
--David
On Nov 11, 2008, at 1:13 PM, Martin Paljak wrote:
> On 09.11.2008, at 20:51, Nat
Yep, thanks! I'll be sending out a new charter shortly.
On Nov 11, 2008, at 11:24 AM, George Fletcher wrote:
> Great notes! Thanks!
>
> Martin Atkins wrote:
>> Here's the output from today's IIW session on this:
>>
>>
>> 2.0 has been finalized
>> bunch of implementations
>> found lots of spec bu
Hey Arshad,
This is now something we're talking about supporting in OpenID
Authentication 2.1 though it isn't yet clear whether it will support a
transformation technique like EAUT or something else.
--David
On Aug 12, 2008, at 5:35 PM, Arshad Khan wrote:
Does OpenID 2.0 support ‘Email Ad
Hi David,
I do not have any particular attachment to "trust exchange". So, I
am ok in changing it but it would be nice if I can preserve "TX"
acronym though. Do you have any specific suggestions?
=nat
On Sun, Nov 9, 2008 at 3:50 AM, David Recordon
<[EMAIL PROTECTED]>
maximal consensus on the
draft has been achieved, consistent with the purpose and scope.
Proposers:
- Allen Tom, [EMAIL PROTECTED], Yahoo!
- Brad Fitzpatrick, [EMAIL PROTECTED], Google
- Breno de Medeiros, [EMAIL PROTECTED], Google
- Carl Howells, [EMAIL PROTECTED], JanRain
- David R
parent that maximal
consensus on the protocol proposal has been achieved within the
working group, consistent with the purpose and scope.
Proposers:
- Ben Laurie, [EMAIL PROTECTED], Google
- Breno de Medeiros, [EMAIL PROTECTED], Google
- David Recordon, [EMAIL PROTECTED], Six Apart
- Dirk Balf
On Nov 1, 2008, at 2:19 AM, Nat Sakimura wrote:
Hi David,
Thanks for your comments. My reply inline below:
2008/11/1 David Recordon <[EMAIL PROTECTED]>
Hey Nat,
Do you see this as being built atop Attribute Exchange for transport
or as something new that TX defines? I know Sxip had d
This is worth reading as it outlines what Eran plans to do with the
current XRDS and XRDS-Simple specifications. It will have future
implications on OpenID as the current Yadis discovery protocol
actually violates the HTTP and web architecture (as pointed out by the
W3C). I'm going to be
Hey Nat,
Do you see this as being built atop Attribute Exchange for transport
or as something new that TX defines? I know Sxip had done work with
AX to enable passing signed and encrypted attributes using SAML
assertions.
Is "Trust Exchange" really the best name? Seems like "trust" is qu
n Tom
- Brad Fitzpatrick
- David Recordon
- Johnny Bufu
- Josh Hoyt
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
Wanted to make sure everyone saw this, though please reply to it on
the General list since the majority of the discussion ended up
happening over there.
--David
Begin forwarded message:
> From: David Recordon <[EMAIL PROTECTED]>
> Date: March 29, 2008 1:19:39 AM PDT
>
If you haven't taken a look about XRDS-Simple -- and care about Yadis
or XRDS Based Discovery -- then you should!
The blow by blow history is:
1) Brad Fitzpatrick, Johannes Ernst, and I were looking at merging
OpenID and LID in 2005 and needed a discovery protocol. Made a text
based one bu
I don't see why changes would really need to wait, if there is an
interested group of people then lets spin up a mailing list and get
participants to agree to the IP policy.
The entire goal of having "working groups" and seperate mailing lists
is to help ensure that future OpenID specs are n
Hey James,
I suppose there could be merit, but my guess is that if you want it to
happen then you'll need to organize it.
--David
On Mar 10, 2008, at 1:38 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]
> wrote:
>
> Is there merit in having a third-party group such as OWASP
> (http://w
Hi Marv,
This has never been specified as a relying party could choose to
follow as many redirects as it wishes. Maybe there should be a hard
line drawn though from an interoperability side?
--David
On Feb 17, 2008, at 3:06 PM, SignpostMarv Martin wrote:
> Was talking with keturn in #openid
+1. Let's get 2.0 deployed and figure out what it might be lacking
before just starting on 3.0.
On Feb 3, 2008, at 11:05 PM, Johannes Ernst wrote:
> Amen. Let's build (optional) extensions, and only if that absolutely
> does not work for an essential feature, meekly suggest that the
> smallest
Great, thanks! We're talking about these drawing at OpenIDDevCamp
right now.
Thanks,
--David
On Dec 11, 2007, at 7:33 PM, NISHITANI Masaki wrote:
>
> I enumerated all possible cases to use OAuth and OpenID
> together to organize my thought a bit more.
>
> And correct the charts for one misund
Hey all,
While its certainly been a long process in the making, it seems that
we're now in a position to declare OpenID Authentication 2.0 and OpenID
Attribute Exchange as final specifications. Both have evolved through
extensive community participation and feedback and each are stable as
Implemen
Do you have proposed wording for this?
It might also make sense to rename this policy to something like "No
Shared Secret" and then also draft a second policy which allows shared
secrets which are more resistant to phishing than passwords. In the
end, not calling anything "phishing resista
Hey all,
It turned out that from the OSIS interoperability event in Barcelona a
call was scheduled to discuss PAPE issues from the interop. I heard
about the call a few minutes before, but Mike, Johnny, and I had a
really productive call. If no one disagrees, we should get these
edits in
Sorry it took me a few days, but seems alright to me. I think a
larger question would be if there should be any material differences
with SREG 1.1 such as adding a few additional common fields.
-David
On Oct 26, 2007, at 4:51 PM, Johnny Bufu wrote:
> David, Josh,
>
> Reviving an old thread
Begin forwarded message:
> From: David Recordon <[EMAIL PROTECTED]>
> Date: October 23, 2007 4:39:23 PM PDT
> To: OpenID List <[EMAIL PROTECTED]>
> Subject: [OpenID] Provider Assertion Policy Extension Draft 2
> Published
> Reply-To: [EMAIL PROTECTED]
>
>
y Ferg wrote:
> Yes, there are arguments to be made for both sides here. I have to
> agree with Johnny and David's point on this; lets give the RP what it
> can be reasonably expected to understand.
>
> On 10/23/07, David Recordon <[EMAIL PROTECTED]> wrote:
>> I see bo
I see both sides of this. At the end of the day the RP is ultimately
making the decision as to if the user can proceed or not. Just as in
SREG if the RP says email is required and the user/OP choose not to
provide it, the RP still has to decide what to do.
I do agree that it is easier on a
Hey Johnny and Jonathan,
Just checked in some clarifications, review would be appreciated.
http://openid.net/pipermail/commits/2007-October/000381.html
Thanks,
--David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
Hey Paul,
How do you guys define "passive". Seems like the opposite problem of
defining "active".
Thanks,
--David
On Oct 22, 2007, at 3:18 PM, Paul Madsen wrote:
> SAML 2.0 expresses it in terms of whether or not the authentication
> is 'passive
Hey Siddharth,
Just to be clear, a OTP hardware token is considered a "one-time
password device token" not a "Hard token" given SP 800-63, section 6
on page 15. This means that a OTP device can satisfy up to level 3,
though a FIPS compliant Hard token would be needed for level 4.
Level 3 al
On Oct 9, 2007, at 10:08 AM, Jonathan Daugherty wrote:
> Hi all,
>
> Here are a few more items.
>
> Section 5.1
>
> - The spec doesn't specify what should be done in the absence of
> max_auth_age in a PAPE request. I could assume, but it would be
> easy enough to specify, say, that the
Agreed with Jonathan here, don't think we need to define a policy URI
for "active". Rather need to clarify what is meant in section 5.1.
(Optional) If the End User has not actively authenticated to the OP
within the number
of seconds specified in a manner fitting the requested
Great! Let's try to publish Draft 2 of PAPE either later today or
tomorrow morning. Few more emails coming shortly on this stuff.
--David
On Oct 11, 2007, at 9:28 AM, Johnny Bufu wrote:
>
> On 8-Oct-07, at 8:20 AM, David Recordon wrote:
>
>>>> # On the same topi
Hey all,
I know John did some work in September (http://extremeswank.com/
openid_trusted_auth.html and http://extremeswank.com/
openid_inline_auth.html). Both solve extremely important use-cases
and are becoming increasingly discussed especially with the advent of
OAuth. I'd really like to
Completely agreed with Johannes. We are very close with the IPR
policy/process being in place and assuming all the contributors agree
to it, 2.0 can be declared final within 30 days of October 30th as
that is the end of the public review period for the policy. 2.0 is
really important and
Hey all,
We're currently in the process of changing all of the SVN URLs to be
in the form of http://svn.openid.net/. New URLs are:
http://svn.openid.net/ - WebSVN
http://svn.openid.net/repos/website/
http://svn.openid.net/repos/specifications/
Sorry for the change,
--David
___
On Oct 4, 2007, at 4:59 PM, Johnny Bufu wrote:
>
> On 4-Oct-07, at 4:27 PM, Jonathan Daugherty wrote:
>
>> # +1 on clarifying what "active" means. Before getting to wording,
>> I'm
>> # not totally sure what would be considered active authentication and
>> # what wouldn't.
>>
>> Agreed; that sh
Sitting here in Seattle with Drummond and looking through the spec. Section
7.3.3 says:
HTML-based discovery MUST be supported by Relying Parties. HTML-
based discovery is only usable for discovery of Claimed Identifiers.
OP Identifiers must be XRIs or URLs that support XRDS discovery.
Th
65 matches
Mail list logo