On Fri, Feb 06, 2009 at 03:43:30PM -0500, McGovern, James F (HTSC, IT) wrote:
2. Which is worse, having to sort through false positives or to not
perform static analysis at all and have OpenID fail once some bad guy
busts the implementation so badly that everyone runs away from OpenID?
What
On Fri, Feb 06, 2009 at 01:34:33AM +0900, Nat Sakimura wrote:
It might be worthwhile for somebody like OIDF to buy a
license and run a certification program out of it.
If OIDF wants to certify something, it should certify compliance to the
OpenID standard. It would be good for OIDF to make any
On Thu, May 24, 2007 at 10:19:08AM -0700, Josh Hoyt wrote:
On 5/24/07, Peter Watkins [EMAIL PROTECTED] wrote:
Shouldn't the spec clarify what is required for an HTML discovery to
uphold an assertion that triggers 11.2's discovery process?
The spec as it is currently written does
Section 11.2 states
If the Claimed Identifier was not present in the request (openid.identity
was http://specs.openid.net/auth/2.0/identifier_select;), the Relying Party
MUST perform discovery on the Claimed Identifier in the response to make sure
that the OP is authorized to make assertions
On Mon, May 21, 2007 at 11:50:32AM -0700, Josh Hoyt wrote:
On 5/20/07, Claus Färber [EMAIL PROTECTED] wrote:
Peter Watkins schrieb:
7.3.3 in draft 11 says
The openid2.provider and openid2.local_id URLs MUST NOT include
entities other than amp;, lt;, gt;, and quot;. Other
7.3.3 in draft 11 says
The openid2.provider and openid2.local_id URLs MUST NOT include entities
other than amp;, lt;, gt;, and quot;. Other characters that would
not be valid in the HTML document or that cannot be represented in the
document's character encoding MUST be escaped using the
So I'd like my employer (for discussion purposes, The Great
Plumbers Association, http://plumbers.co) to act as an OpenID
OP. I want all our plumber members to use the same OP URL
for OpenID authentication, let's say https://id.plumbers.co/
So the RP doesn't try XRI Resolution, and Yadis fails
On Wed, Nov 08, 2006 at 11:16:41PM -0500, David Fuelling wrote:
Couldn't one make the opposite argument -- that most people's email address
NOT working when they plug it into the OpenId login field could actually be
a good thing? (especially in the beginning of OpenID)
Scenario #2 (WITH