On Mon, Jun 8, 2009 at 9:03 PM, Allen Tom <[email protected]> wrote:
> Hi All, > > As part of the OpenID 2.1 Working Group proposal, I've been nominated to > edit the OpenID Security Best Practices document, which will be a living > document that contains security related best practices as determined by the > community. > > Although we haven't officially kicked off the OpenID 2.1 WG yet... Hi Allen, First of all, this is great work -- thanks for doing it! At the moment, I don't have anything further to add from a technology perspective. That said, I am looking for some clarity on the whole "Working Group" idea. I know there's an OpenID 2.1 draft charter that's on the wiki (and has been circulated on this list), but I haven't seen much activity surrounding this. In fact, this past week I've been trying to "push this along" a bit by posting some discussion points about Discovery and Auth 2.1, and trying to (as a community) determine if we should separate this into two WG's --> Discovery 2.1 and the rest of 2.1. Anyway, when you said you had been "nominated", it made me think there's some shadow process going on behind the scenes when it comes to these Working Groups. Am I missing something? Are there "private" WG discussions going on that the rest of us can't see? Or are you just "taking some initiative", as it were? (Really, I'm not trying to be a jerk here -- I have no objection to you being the editor for this stuff -- I'm really just looking to get "in the loop" on this Working Group business, assuming I'm out if currently). Thanks! David
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
