> 9) Higher LOA -According to John Bradley, 90% of the work required to > implement higher LOA is already in OAuth2
So OAuth doesn't accommodate for multi-leg issuance (both for the access grant and the access request). This may be an issue as some tokens could be provisioned out-of-band, also may need write a new profile defining efficient encoding for token format (e.g., to simplify parsing and include them in URLs). So I don't think that this is a done deal and this would mean getting this work done now in OAuth -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Allen Tom Sent: Monday, June 21, 2010 6:58 PM To: OpenID Specs Mailing List Subject: Requirements discussion of OpenID Future Hi All, There¹s been a lot of discussion the past few weeks around specific technical proposals focused on moving OpenID forward. We wanted to take a step back and make sure that we understand the problems that there are broad consensus around solving over the next six to nine months. While there has also been some discussion around use cases and charters, there hasn¹t yet been broad consensus. Today Yahoo!, Google, and Facebook met with some of the authors of Artifact Binding, the OpenID Connect proposal, and OAuth 2.0 to discuss our specific future requirements. We put together a summary document of 20+ items that we would like to see and wanted to start a discussion around them. Today helped to verify our instinct that we could achieve these OpenID goals by layering features on top of OAuth 2.0 while specifically maintaining the decentralized nature of OpenID. After this discussion it seems that the Connect work group charter can encompass this work and thus provides a mailing list and IPR policy to work on these items. Facebook, Google, and Yahoo! expect to be able to sign the contributor agreements for the OpenID Connect working group relatively soon. We hope that other OpenID community members and organizations will provide feedback on how this list compares to their needs and/or get involved in flushing out the technical details. Here's the list of features that we would like to see implemented in a future version of OpenID: http://wiki.openid.net/Future-OpenID-Technical-Requirements Feedback and discussion is more than welcome! Allen _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
