It is more complex having to use two fields to uniquely identify a
user in a DB then one. DB queries are more complex and there is more
opportunity for the developer to make mistakes.
Given a goal of OpenID is to be simple, one field is better then two.
-- Dick
On 8-Jun-07, at 10:14 AM,
Requirement? (WAS: RE: Questions about IIW
Identifier Recycling Table)
On 8-Jun-07, at 10:02 AM, Recordon, David wrote:
I'm confused as to why a RP having to not create a new DB field is a
requirement when looking to solve this problem. RP's implementations
already need to change to upgrade from
@openid.net
Subject: Re: Questions about IIW Identifier Recycling Table
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote:
Over the last few days I've been thinking about your Identifier
Recycling
proposal[2], in addition to other proposals (Tokens, etc). Assuming I
understand things correctly
On 8-Jun-07, at 10:02 AM, Recordon, David wrote:
I'm confused as to why a RP having to not create a new DB field is a
requirement when looking to solve this problem. RP's implementations
already need to change to upgrade from 1.1 to 2.0 and this has never
been a requirement in the past. It
Of Josh Hoyt
Sent: Friday, June 08, 2007 10:29 AM
To: [EMAIL PROTECTED]
Cc: specs@openid.net
Subject: Re: Questions about IIW Identifier Recycling Table
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote:
If the token is publically viewable, then losing it is not an issue. I
do not share David's
On 6/8/07, Recordon, David [EMAIL PROTECTED] wrote:
The difference I see is that the current secrets can be renegotiated.
If we're working with non-public fragments then they cannot be. If
we're working with public fragments, then I'm less concerned.
I understand your concern, but I don't
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote:
I'm not sure I understand what's public about this. If I understand
it correctly, from the relying party's perspective, the user's account
is keyed off of the pair of the identifier and the token. This sounds
like URL + private token in
Hi David,
The idea was to list as columns the things potentially affected by
this change and important enough that we cared. In the end we chose
'URL + public fragment' as the one with the most check marks.
See below my comments; maybe others can correct / fill in the gaps.
On 5-Jun-07, at
Hey Johnny,
Thanks for your clarifications and answers to my questions about [1].
Over the last few days I've been thinking about your Identifier Recycling
proposal[2], in addition to other proposals (Tokens, etc). Assuming I
understand things correctly, it seems as if a hybrid of the
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote:
Over the last few days I've been thinking about your Identifier Recycling
proposal[2], in addition to other proposals (Tokens, etc). Assuming I
understand things correctly, it seems as if a hybrid of the public/private
token approach would
Hey Josh,
Thanks for your message and great points. See my thoughts/questions inline.
On 6/7/07, Josh Hoyt [EMAIL PROTECTED] wrote:
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote:
Over the last few days I've been thinking about your Identifier
Recycling
proposal[2], in addition to
I wasn't at IIW, so please bear with me.
In reference to the wiki at
http://openid.net/wiki/index.php/IIW2007a/Identifier_Recycling, can somebody
clarify what some of the terminology means? Specific questions are below.
1.) For URL+Fragment, what is the distinction between private and
public?
12 matches
Mail list logo