On Tue, 2006-10-17 at 13:29 +1000, Chris Drake wrote:
> Now - how comfortable are you with
> the idea of letting 1.5 billion Chinese people use OpenID
Ideally we'd have the input of the SocialBrain Foundation on that.
Those are the folks who put together OpenID.cn. Has anyone on this list
talked
Drummond Reed wrote:
> I think you may have me mistaken for somebody else on the list (. . .)
Double-blind anonymity in action? ;)
-Hans
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
On 16-Oct-06, at 12:24 PM, Martin Atkins wrote:
> Chris Drake wrote:
>>
>> There seem to be a lot of people on this list who want to hate and
>> loathe the IdP, and grant all power to the RP. I do not understand
>> this reasoning: our users will select the IdP they trust and like,
>> then they
Hi Drummond,
Yikes! - sorry about the misquote - very clumsy of me.
Kind Regards,
Chris Drake
"omnidirectional" identifier. So OpenID
should accommodate both.
=Drummond
-Original Message-
From: Chris Drake [mailto:[EMAIL PROTECTED]
Sent: Monday, October 16, 2006 8:29 PM
To: Drummond Reed
Cc: 'Martin Atkins'; specs@openid.net
Subject: Re[2]: Identifier por
ssage-
DR> From: [EMAIL PROTECTED]
DR> [mailto:[EMAIL PROTECTED] On Behalf
DR> Of Martin Atkins
DR> Sent: Monday, October 16, 2006 12:25 PM
DR> To: specs@openid.net
DR> Subject: Re: Identifier portability: the fundamental issue
DR> Chris Drake wrote:
>>
>> There
Re: Identifier portability: the fundamental issue
Chris Drake wrote:
>
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP. I do not understand
> this reasoning: our users will select the IdP they trust and like,
> then the
On 16-Oct-06, at 2:01 PM, Josh Hoyt wrote:
> On 10/16/06, Marius Scurtescu <[EMAIL PROTECTED]> wrote:
>> In this case you are better off opening a separate account with this
>> or some other IdP. The current delegation model will not protect you
>> at all. The delegate tag is in a publicly accessi
On 10/16/06, Marius Scurtescu <[EMAIL PROTECTED]> wrote:
> In this case you are better off opening a separate account with this
> or some other IdP. The current delegation model will not protect you
> at all. The delegate tag is in a publicly accessible Yadis document.
>
> I agree that anonymity is
On 16-Oct-06, at 12:24 PM, Martin Atkins wrote:
> Chris Drake wrote:
>>
>> There seem to be a lot of people on this list who want to hate and
>> loathe the IdP, and grant all power to the RP. I do not understand
>> this reasoning: our users will select the IdP they trust and like,
>> then they w
Chris Drake wrote:
>
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP. I do not understand
> this reasoning: our users will select the IdP they trust and like,
> then they will be using a multitude of possibly hostile RPs
> ther
Chris Drake wrote:
> There seem to be a lot of people on this list who want to hate and
> loathe the IdP, and grant all power to the RP. I do not understand
> this reasoning: our users will select the IdP they trust and like,
> then they will be using a multitude of possibly hostile RPs
> thereaf
On 10/14/06, Chris Drake <[EMAIL PROTECTED]> wrote:
> JH> Where is power being granted to the RP? It has pretty much none.
> JH> It *does* have responsibility, but only as much as is necessary to
> JH> make the protocol work.
>
> If RPs are allowed to build up linked portfolios of everyone's
> ident
On 13-Oct-06, at 12:59 PM, Drummond Reed wrote:
> Yesterday we established consensus that with OpenID, identifier
> portability
> is sacred.
>
> Today I'd like to establish consensus on the following "postulate":
>
> "To achieve identifier portability in OpenID, it MUST be possible
> for the
On 14-Oct-06, at 7:28 AM, Chris Drake wrote:
> JH> Where is power being granted to the RP? It has pretty much none.
> JH> It *does* have responsibility, but only as much as is necessary to
> JH> make the protocol work.
>
> If RPs are allowed to build up linked portfolios of everyone's
> identifiers,
specs@openid.net
Subject: Re: Identifier portability: the fundamental issue
Hi Drummond,
DR> CASE 1: the protocol supports only IdP-specific identifiers and no
portable
DR> identifiers.
DR> RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case
1.
Please explain? If I've go
Hi Josh,
>> I do not believe the RP needs to know the IdP-specific identifier ever
>> (worse: I think it should never be allowed to know it, or even be
>> allowed to see it!).
JH> Why not?
PRIVACY. Page back and read through my posts to this list for the
intricate details.
JH> Where is power b
Brad Fitzpatrick wrote:
>
> Counter-argument: but OpenID 1.1 does have two parameters: one's just in
> the return_to URL and managed by the client library, arguably in its own
> ugly namespace (not IdP/RP managed, not "openid.", but something else...
> the Perl library uses "oic." or something).
On 10/13/06, Chris Drake <[EMAIL PROTECTED]> wrote:
> DR> CASE 1: the protocol supports only IdP-specific identifiers and no
> portable
> DR> identifiers.
>
> DR> RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1.
>
> Please explain? If I've got an OpenID URL (eg: my vanit
On 10/13/06, Drummond Reed <[EMAIL PROTECTED]> wrote:
> >So whether it's in the spec formally or not, I don't really care. But the
> >spec MUST contain details on the precautions a RP should take.
>
> Yup. (Got that, editors?)
http://openid.net/specs/openid-authentication-2_0-10.html#anchor38
Jos
Hi Drummond,
DR> CASE 1: the protocol supports only IdP-specific identifiers and no portable
DR> identifiers.
DR> RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1.
Please explain? If I've got an OpenID URL (eg: my vanity domain), I
can "transfer" this via DNS (or just u
> > Drummond wrote:
>> >
>> > "To achieve identifier portability in OpenID, it MUST be
>> > possible for the RP and the IdP to identify the user using
>> > two different identifiers: an identifier by which the RP
>> > knows the user (the portable identifier), and an identifier
>> > by which the IdP
Title: RE: Identifier portability: the fundamental issue
We must have different understandings of the term sacred then.
My understanding of the term is that it refers to a tenet of faith which might cause offense if contradicted.
On 13-Oct-06, at 12:59 PM, Drummond Reed wrote:
> Yesterday we established consensus that with OpenID, identifier
> portability
> is sacred.
>
> Today I'd like to establish consensus on the following "postulate":
>
> "To achieve identifier portability in OpenID, it MUST be possible
> for the
On Fri, 13 Oct 2006, Granqvist, Hans wrote:
> > "To achieve identifier portability in OpenID, it MUST be
> > possible for the RP and the IdP to identify the user using
> > two different identifiers: an identifier by which the RP
> > knows the user (the portable identifier), and an identifier
> > b
> "To achieve identifier portability in OpenID, it MUST be
> possible for the RP and the IdP to identify the user using
> two different identifiers: an identifier by which the RP
> knows the user (the portable identifier), and an identifier
> by which the IdP knows the user (the IdP-specific id
On Oct 13, 2006, at 12:59, Drummond Reed wrote:
1) If the RP sends the IdP-specific identifier, the RP must keep
state to
maintain mapping to the portable identifier (bad), and
I agree, but I'm not sure that this is a big issue. Won't a simple
cookie be sufficient?
Johannes Ernst
NetMesh
On Oct 13, 2006, at 12:59, Drummond Reed wrote:
Yesterday we established consensus that with OpenID, identifier
portability
is sacred.
Could somebody please post a succinct definition of "identifier
portability" somewhere. If we have a new religion, we might as well
agree what it is ;-)
Yesterday we established consensus that with OpenID, identifier portability
is sacred.
Today I'd like to establish consensus on the following "postulate":
"To achieve identifier portability in OpenID, it MUST be possible for the RP
and the IdP to identify the user using two different identifiers: