There are various plans, but since OIDF is primarily operating in public,
I should think that "Amateur" plan would suffice. It is US$5/mo.
The limitation is that it can only have one private repository,
but that should be ok.
=nat
(2010/05/25 1:56), Brian Kissel wrote:
What is the cost? The Tech Committee has some budget.
Cheers,
Brian
___________
Brian Kissel
CEO - JanRain, Inc.
[email protected]
Mobile: 503.342.2668 | Fax: 503.296.5502
519 SW 3rd Ave. Suite 600 Portland, OR 97204
Increase registrations, engage users, and grow your brand with RPX. Learn
more at www.rpxnow.com
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Nat Sakimura
Sent: Monday, May 24, 2010 8:05 AM
To: Johannes Ernst
Cc: OpenID Specs Mailing List
Subject: Re: [OIDFSC] OpenID v.Next Discovery Working Group Proposal
Good idea.
I can setup a project under bitbucket.org/openid/ (shall we upgrade to
non-free version
so that we get it under openid.net?) and it has a rudimentary bug
tracking system.
It can be used by logging in by OpenID.
=nat
On Mon, May 24, 2010 at 11:50 AM, Johannes Ernst
<[email protected]> wrote:
Allen, combining what you just wrote with what Brian said on the board
mailing list about MRDs -- perhaps it would make sense to set up a "bug
tracking system" of some kind and use that to drive spec evolution?
On May 23, 2010, at 18:56, Allen Tom wrote:
Hi Johannes,
There isn't a document summarizing the deficiencies with OpenID 2.0
discovery - I think it would be very useful for the WG and for the
Community
if we wrote this down
Off the top of my head, some of the problems are:
Yadis discovery is very vague as to exactly how the RP is supposed to
fetch
the OP's discovery document. Should it send the magic Accept header?
Look
for the X-XRDS-Location header in the response? Do HTML discovery? In
practice, many implementers have had problems implementing discovery
because
there are too many ways to do it
Speaking of Yadis, the specs need to be revised, and it's unclear how to
go
about doing this
Because a compromised discovery document can result in the complete
breakdown in OpenID security - it's important that we find ways to
increase
the security of discovery - perhaps it can be signed? Moved into DNS?
Discovery is hard to implement - the majority of the code in OpenID
libraries is to implement discovery. We can probably simplify discovery
to
require less code to implement
Delegation is a really useful feature in OpenID - it was pretty
straightforward in OpenID 1.1, but is very confusing (to say the least)
in
OpenID 2.0 - we can probably do something in discovery to make
delegation
work better
The infamous NASCAR problem could possibly be helped by discovery
The infamous phishing problem could also possibly be helped by discovery
LRDD, host-meta, and webfinger are pretty interesting - we should see
how
OpenID can leverage these new specs
I'm sure that there are more issues with OpenID 2.0 discovery. Anyone
else
want to take a stab at it?
Allen
On 5/21/10 7:55 PM, "Johannes Ernst"<[email protected]>
wrote:
On May 21, 2010, at 19:28, Allen Tom wrote:
... there's universal consensus that the existing OpenID 2.0 discovery
mechanism is very deficient ...
Is there a summary somewhere of this "universal consensus" of
deficiencies?
Thanks,
Johannes Ernst
NetMesh Inc.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
--
Nat Sakimura ([email protected])
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547
本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ございませんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
PLEASE READ:
The information contained in this e-mail is confidential and intended for the
named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified
that any review, dissemination, distribution or duplication of this message is
strictly prohibited. If you have received this message in error, please notify
the sender immediately and delete your copy from your system.
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
