On Oct 17, 2006, at 15:16, Recordon, David wrote:
As I said back in September, I'm only tracking proposals listed on the
wiki page. :)
We have a process, yea!
More power to the guy who gave us a process!!!
Let's drive it to a conclusion, shall we? ;-)
Cheers,
Johannes.
Johannes Ernst
Ne
>
> --David
>
> -Original Message-
> From: Dick Hardt [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 17, 2006 12:25 PM
> To: Recordon, David
> Cc: Josh Hoyt; specs@openid.net
> Subject: Re: Summarizing Where We're At
>
>
> On 16-Oct-06, at 3:24 PM
yt; specs@openid.net
Subject: Re: Summarizing Where We're At
On 16-Oct-06, at 3:24 PM, Recordon, David wrote:
> And here are my votes:
>
> Request nonce and name
> * Take no action
So you are saying to NOT rename the parameter?
+1 rename nonce to response_nonce
+1 to put request_
On 17-Oct-06, at 2:30 PM, Josh Hoyt wrote:
> On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
>> Well, authentication is optional in the spec, so perhaps we should
>> pull that out and make it an extension?
>> In order to just do attribute exchange, we have it so that the RP can
>> decide NOT t
On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
> Well, authentication is optional in the spec, so perhaps we should
> pull that out and make it an extension?
> In order to just do attribute exchange, we have it so that the RP can
> decide NOT to request an identifier.
Honestly, I think that'd
On 17-Oct-06, at 11:52 AM, Josh Hoyt wrote:
> On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
>> >> >> * Authentication Age
>> >> >> - Re-proposed today adding clarity in motivation, general
>> >> >> consensus is
>> >> >> needed to add to specification.
>> >> >
>> >> > -1
>> >
>> > There is n
On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
> >> >> * Authentication Age
> >> >> - Re-proposed today adding clarity in motivation, general
> >> >> consensus is
> >> >> needed to add to specification.
> >> >
> >> > -1
> >
> > There is no reason for this to be in the core. I could make more
>
On 17-Oct-06, at 10:30 AM, Josh Hoyt wrote:
> On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
>> Josh, would you elaborate on the reasoning behind your votes so that
>> I (and others) understand?
>
> Sure. I'll try to be brief.
Thanks!
>
>> > On 10/15/06, Recordon, David <[EMAIL PROTECTED]>
On 10/17/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
> Josh, would you elaborate on the reasoning behind your votes so that
> I (and others) understand?
Sure. I'll try to be brief.
> > On 10/15/06, Recordon, David <[EMAIL PROTECTED]> wrote:
> >> * Request Nonce and Name
> >> - Has been partially i
Josh, would you elaborate on the reasoning behind your votes so that
I (and others) understand?
On 16-Oct-06, at 11:21 AM, Josh Hoyt wrote:
> Here are my reactions to what's outstanding:
>
> On 10/15/06, Recordon, David <[EMAIL PROTECTED]> wrote:
>> * Request Nonce and Name
>> - Has been parti
On 16-Oct-06, at 3:24 PM, Recordon, David wrote:
> And here are my votes:
>
> Request nonce and name
> * Take no action
So you are saying to NOT rename the parameter?
+1 rename nonce to response_nonce
+1 to put request_nonce in an extension for RP identity related
functionality
> Authentica
On 15-Oct-06, at 7:25 PM, Recordon, David wrote:
> Hi Chris,
> The rush is that 2.0 has been in a drafting phase for almost six
> months
> now, with draft five being posted at the end of June. While we
> certainly can continue taking the time to make everyone happy, we
> ultimately will never
On 16-Oct-06, at 11:21 AM, Josh Hoyt wrote:
>
>> * Bare Request
>> - Proposed, no discussion yet.
>
> -0 (YAGNI)
Sorry, I don't know what YAGNI means ...
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
Recordon, David
Sent: Monday, October 16, 2006 3:24 PM
To: Josh Hoyt; specs@openid.net
Subject: RE: Summarizing Where We're At
And here are my votes:
Request nonce and name
* Take no action
Authentication age
* -1, write as an extension first
Remove setup_url
* 0 for removing, +1 for a
On Mon, 16 Oct 2006 15:24:25 -0700
"Recordon, David" <[EMAIL PROTECTED]> wrote:
>
> Change default session type
> * +1
I'm not sure what changing the default buys us. The RP still has to create a
public modulus and send it in the request in order to use DH, so there's still
a positive action
I want to avoid the
"wait-I-thought-we-decided-something-else" or
"ahh-yes-seems-we-forgot-it-had-an-impact-there"
delays . . .
Spec work gain tremendously by unambiguous up-front
definitions of what *exactly* is voted on.
A good way to do this is to force the vote to be
on an explici
two-identifier
Change default session type
* +1
Bare request
* 0
--David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh
Hoyt
Sent: Monday, October 16, 2006 11:21 AM
To: Recordon, David
Cc: specs@openid.net
Subject: Re: Summarizing Where We&#x
Here are my reactions to what's outstanding:
On 10/15/06, Recordon, David <[EMAIL PROTECTED]> wrote:
> * Request Nonce and Name
> - Has been partially implemented, openid.nonce ->
> openid.response_nonce, no agreement on the need of a request nonce
> specifically, rather discussion has evolved in
--Original Message-
From: Chris Drake [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 15, 2006 7:09 PM
To: Recordon, David
Cc: specs@openid.net
Subject: Re: Summarizing Where We're At
Hi David,
What is the rush for? There's a lot of unhappy people here due to
missing protocol elements
Hi David,
What is the rush for? There's a lot of unhappy people here due to
missing protocol elements.
I for one believe the lack of privacy considerations is an entire
OpenID "killer".
Is there a reason why you've omitted my IdP-initiated login proposal
from your short list (also known as "boo
20 matches
Mail list logo
