On Tue, Jun 9, 2009 at 5:38 AM, Allen Tom <[email protected]> wrote:
> Is the community ready to move forward with OpenID 2.1? I can't necessarily speak for the community, but I'd at least like to move forward with the 2.1 Discovery WG. The output of that is expected to be a "best practices" document relating to Discovery that would (it is expected) be used in the regular OpenID 2.1 WG. I'm not opposed to doing all of this in parallel. > I do believe that we really need a security best practices document, and it > shouldn't have to wait until OpenID 2.1 is finalized. > +1 > >> Anyway, when you said you had been "nominated", it made me think there's >> some shadow process going on behind the scenes when it comes to these >> Working Groups. >> > At the December 2008 IIW, I was either nominated or was volunteered to work > on Security Best Practices document after I strongly advocated that the > community write one. > Cool. Like I said, I wasn't trying to say you shouldn't be doing this work. I just wanted to make sure it was "open". I wasn't at IIW, so that explains my disconnect. > Am I missing something? Are there "private" WG discussions going on that >> the rest of us can't see? >> > The security best practices document was first discussed at the December > 2008 IIW session on OpenID 2.1, completely in the open. > See my comment above. > Or are you just "taking some initiative", as it were? >> > Well, I'd been procrastinating for more than 6 months, but I think we > waited long enough. More and more sites want to deploy OpenID, and it's > about time we had a security document that potential implementers can read, > other than just reading the specs, and various blog posts. > :) -- I'm glad you've started working on this. It's important to have. > -- I'm really just looking to get "in the loop" on this Working Group >> business, assuming I'm out if currently). >> > I believe that the process requires the WG proposers to take their proposal > to the Specifications council who will review the proposal and give their > recommendation to the general membership of the OIDF to either approve or > deny the request to form the WG. The general membership then votes on the > proposal, and if the proposal is approved, the WG is formed. There's also a > very painful process for the WG members to get their employers to approve > their participation in the WG. > > The WG proposals that seem to be stalled right now appear to be OpenID 2.1, > SREG 1.1, and AX 2.0. > > At least with regards to SREG 1.1 and AX 2.0, I believe that the proposers > are waiting for their employers to approve their participation. Where is > Dick Hardt? The OpenID world misses you! > > I'm not sure about the status on OpenID 2.1, but at least for myself, I'm > more focused on the immediate goals of getting OpenID OAuth Hybrid and the > OpenID UI Extensions finalized. > I for one would like to move forward on the 2.1 Discovery WG. XRD will be a big part of that, but at this point it seems like much of XRD has been solidified (at least, enough for us to begin the 2.1 Discovery WG). > The OpenID Wiki says that the Discovery WG proposal has been sent to the > specs council, but I have not seen the proposal yet. > I think this is the proposal: http://wiki.openid.net/OpenID-Discovery
_______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
