" welcome anyone new into this community" is about offering something new for anybody, frequently. Any marketing person will tell you that. According to your own admission OpenID has not offered a new protocol version 2007. So please do not cast aspersions in the wrong direction.
On Wed, May 19, 2010 at 1:50 PM, David Recordon <[email protected]> wrote: > Replying with "bullshit" isn't going to welcome anyone new into this > community. Please stop doing this; you've been asked many times. > > Yes, we should increase the involvement of browser vendors and it's great > seeing the work that's happening around FireFox. I plan to track down that > team tomorrow and get a better understanding of what browser-based APIs > they're proposing and what information websites need to advertise to > browsers. > > --David > > > On Wed, May 19, 2010 at 1:12 AM, Santosh Rajan <[email protected]>wrote: > >> HA! BullShit! >> >> You know what?. I am beginning to believe that we need get the browser >> vendors to the OpenID community. Yes Google and Microsoft are already here, >> but i don't think they are here in the capacity of "browser vendors". We >> also need the mozilla, opera, safari guys. >> >> And Mozilla has really been doing some good work in this area. Here is a >> link. >> https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest >> >> <https://wiki.mozilla.org/Labs/Weave/Identity/Account_Manager/Spec/Latest> >> >> On Wed, May 19, 2010 at 1:25 PM, David Recordon <[email protected]>wrote: >> >>> Coming out of some conversations at IIW today I've made some changes to >>> the proposal. Patch is attached, but they are: >>> - Allow passing in `user_id` as a hint when not using immediate mode in >>> the request. >>> - Continue to allow users to enter URLs, email addresses, and click >>> buttons but the returned user identifier must be a HTTPS URI. >>> - Include the expiration time within the signature. >>> - Clarify how you verify if the token endpoint is authoritative for a >>> given user identifier. >>> - Simplify discovery by removing LRDD and using host-meta to determine >>> the server token endpoint on a per domain (or sub-domain) basis. We're >>> having a hard time finding use cases of running multiple different OpenID >>> servers per domain. >>> - Remove the separate user info API endpoint and instead make the user >>> identifiers a protected resource. Fetch the user identifier with an access >>> token and it returns basic profile information as well as if the access >>> token was issued by that specific user. >>> >>> Thanks for all of the feedback and support both virtually and in person! >>> I'm planning to move this proposal into GitHub next week (and work with Eran >>> to actually format it like a spec) so that changes are easier to keep track >>> of. >>> >>> --David >>> >>> _______________________________________________ >>> specs mailing list >>> [email protected] >>> http://lists.openid.net/mailman/listinfo/openid-specs >>> >>> >> >> >> -- >> http://hi.im/santosh >> >> >> > -- http://hi.im/santosh
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
