Re: experimental namespace for openid.net

2009-07-10 Thread George Fletcher
+1 to http://experimental.openid.net. It would be good to add this to the repository work Breno and John are doing as having a registry for experimental URIs would be good as well. Thanks, George Dirk Balfanz wrote: [+gene...@openid.net for a broader audience] On

Re: OAuth Hybrid and UI ML?

2009-06-16 Thread George Fletcher
Will these lists be open for reading to the community? I'd like to keep up with what's happening in both these groups. Thanks, George David Recordon wrote: Once the working groups are approved and someone is willing to moderate new members on the list to make sure they've signed contribution

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread George Fletcher
John, By PPID do you mean the InfoCard unique User:RP identifier? Or are you referring to the use of pseudonymous identifiers within OpenID? If the latter, I didn't see the thread that was suggesting that the pseudonymous identifiers match the realm. I would be against that suggestion. The

Re: Should we recommend that return_to url is always HTTPS? What about realm?

2009-05-14 Thread George Fletcher
/ The RP might so to make it at least predictable there should be some normalization rule. I am sure Breno will jump in I know this is one of his issues. So while all openIDs are on some sense pseudonymous, I was referring to the pairwise ones. Regards John B. On 14-May-09, at 1:17 PM, George

Re: Requiring Pseudonymous Identifier

2009-05-13 Thread George Fletcher
+1 to using AX and the identity-less flow Andrew identified recently for claims/attribute based access to web sites. There are some 3rd-party asserted issues in regards to the validity of the attribute value but that's a whole different discussion:) Thanks, George Luke Shepard wrote:

Re: Requiring Pseudonymous Identifier

2009-05-13 Thread George Fletcher
On Wed, May 13, 2009 at 8:44 AM, George Fletcher gffle...@aol.com wrote: I don't think OpenID should specify how pseudonymous identifiers are generated. That should be up to the OP. But I like the idea of using a fixed URI as the claimed_id value to specify

Re: Proposing an OpenID Authentication 2.1 Working Group

2008-11-11 Thread George Fletcher
Great notes! Thanks! Martin Atkins wrote: Here's the output from today's IIW session on this: 2.0 has been finalized bunch of implementations found lots of spec bugs also gone and done oauth and email addresses and other things. Can we support these in the core spec? - Making the spec

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread George Fletcher
as much as can be assumed. Thanks, George -Shade At 8:17 AM -0400 9/5/08, George Fletcher wrote: SitG Admin wrote: What's the use-case? If the RP doesn't care about distinguishing between users that have accounts at a site but identify themselves as such anonymously, it can reclassify

Re: OpenID Assertion Quality Extension - Draft

2006-11-30 Thread George Fletcher
+1 simple and straightforward. Just curious about use cases where the required authentication level changes over time. For instance, a use case where to view my stock portfolio just requires password, but doing a trade requires voicebio. Is the expectation that authentication events can be

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread George Fletcher
the combinations can explode... but they are also useful. For example to hack my account you need both my "password" and my "hardotp". That's two "secrets" that need to be determined for my account to be compromised. (Not that this doesn't stop phishers). Thanks, George

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread George Fletcher
+1 Avery Glasser wrote: Actually, this could be pretty simple to implement: Replace openid.aqe.preferred_auth_mode with the following: openid.aqe.auth_factor1 Optional: The method of authentication the RP would like the OP to perform, or in the case of a multi-factor

Re: Making identities persistent?

2006-11-02 Thread George Fletcher
the consumer to change their end user's OpenID URL, optionally the end user can use multiple OpenIDs in this consumer. And this case can be expended as this, the IdP(OpenID Server) is cl

Re: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-22 Thread George Fletcher
Dick Hardt wrote: What is different with OpenID vs email is that there is certainty that the user actually is the user. I'm a little confused. How is there certainty that the user actually is the user? The viability of the identifier representing the same user is dependent on the

Re: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-22 Thread George Fletcher
Dick Hardt wrote: On 20-Oct-06, at 10:14 AM, George Fletcher wrote: Of course, my expectation is that this syntax would be optional; the user can always specify their full URI identifier. I agree that this kind of an identifier is not portable, but I'm guessing that most users wouldn't

Re: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-22 Thread George Fletcher
Dick Hardt wrote: On 22-Oct-06, at 7:00 PM, George Fletcher wrote: Dick Hardt wrote: With OpenID, there is a presumption the user has selected a trustworthy IdP that will only present the user's identifiers when it really is the user. Doesn't this imply that both the user and RP

Re: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-20 Thread George Fletcher
[Sorry for the strange posting format. I got on the list after seeing the emails. --George] First, I'm new to the list and don't want to resurface an old and long debated topic. To me this proposal is about how to make finding the user's IDP simpler using something the customer is already

Re: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-20 Thread George Fletcher
It might create some confusion depending on the audience. For the audience that doesn't run their own web server, or have their own blog, it might be confusing to enter a URI. This approach would help those users make the transition without restricting the users who do get it from entering