On 10/19/06, Jonathan Daugherty <[EMAIL PROTECTED]> wrote: > I think it's there for convenience because no practices document > existed when that was inserted. I think Josh was considering removing > it anyway, though.
I'm in favor of keeping the OpenID Authentication Protocol specification as small as possible, with as few restrictions as possible to get useful behavior. I think this kind of thing could go in another, companion specification, so that if people want to experiment, they can, without having to re-invent the parts that work. This is similar to my response to Dick in which I said that ideally identifier discovery and verification would be in another specification. The more we can reduce the scope, the more likely it is that we can develop a tight, usable specification that does not hold anyone back and is easy to implement. There are a couple of different insights that are common to OpenID, SXIP, LID, and the myriad other URL-based single-sign-on solutions that are out there. I want to codify the things that we all agree on and allow innovation around the things that we do not. I do not feel strongly about this particular issue, but I do feel strongly that if possible, we should REDUCE the scope as much as possible. If there is a way to accomplish your goal without changing OpenID, then DON'T CHANGE OPENID. It's easy to put stuff in the next revision, but it's hard to take stuff out. OpenID has been successful because its scope was intentionally extremely narrow. Lets keep it that way. Josh _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs