Here's the output from today's IIW session on this:
2.0 has been finalized
bunch of implementations
found lots of spec bugs
also gone and done oauth and email addresses and other things. Can we
support these in the core spec?
- Making the spec more readable and fixing bugs (eratta)
- Delegation
- Error handling
- Adding a security appendix
- could be a separate document referred to by the spec
- possibly produced by separate group
- Who controls this security page?
- Security committee could look after this.
- or Allen at Yahoo! will be editing a security document
- Clarifying XRI
- Currently there's no firm message about whether RPs MUST support
XRIs or not.
- Need to clarify how exactly XRI should be used with OpenID.
- Similar to the whitelist question.
- Clarify if RPs can white or blacklist what OPs they accept, and
vice-versa.
- Discovery of type of identifiers an RP supports.
- Clarifying IRI
- Updating discovery. Possibly including the new-fangled XRD discovery.
- Clarifying whether association over SSL must/can use diffie-hellman.
- Discovery of support of checkid_immediate.
Exploratory work:
- Signature mechanisms. Looking at additionally supporting the
mechanisms defined in OAuth so that they can be closer together.
- Possibly deprecating the current signature mechanism.
- Public keys?
- Email-shaped identifiers for OpenID
- Could be a separate working group?
There was consensus that email-shaped identifiers would be worked on by
a separate group and possibly rolled into 2.1 if it's done in time.
- Smart/rich clients?
- Could be in this WG unless it ends up being a big change in which
case it could be its own WG.
- There's another session about this.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
