Sure a association request is extensible if you change the core spec:) I prefer to come up with the best design then work around the politics.
I understand Nat has been trying to make progress on this as part of CX and then on it's own. I am going to be at RSA if Nat is going perhaps we can get together there before the openID summit the following month. John B. On 2010-02-16, at 11:53 AM, Breno de Medeiros wrote: > On Tue, Feb 16, 2010 at 04:22, John Bradley <[email protected]> wrote: >> I suspect the advantage to extending the association is more political, >> that way you can call it an extension. > > I could, but I'd be fabricating. The association request is not extensible. > >> I think practically it is better to keep the exchange of long term secrets >> (Association) separate from the artifact resolution process. > > I agree. > >> If we want to do per request shared secrets say SHA256 vs re-using the long >> term one I don't have a big problem with that. >> I don't yet see a super compelling reason for it though. >> John B. > > Ditto. _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
