Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
I think so. =nat On Sun, Jan 11, 2009 at 8:14 AM, Breno de Medeiros br...@google.com wrote: Well, Eran published a draft of the full XRD discovery standard yesterday. That changes things, because puts discovery on much more solid ground. The biggest remaining issue to be addressed is on trust/security/signatures but there is already substantial progress on that front as well, and we can probably expect a similarly mature draft within a few weeks. Based on these developments, should we consider a commitment to do the OpenID discovery spec in time for 2.1? I think it is important to decide this early on because it affects decisions about the structure of the AuthN spec. On Tue, Jan 6, 2009 at 8:51 AM, Breno de Medeiros br...@google.comwrote: Splitting the specification will also make it easier to understand the changes between Yadis-based and XRD-based discovery, since the authN part of the spec is unlikely to change as much. I am in favor of separating the two specifications and create a 2.0-compatible (with language clean-up) version of discovery. 2009/1/6 Nat Sakimura sakim...@gmail.com: But I suppose it is worthwhile to make the spec clearler. It can be clearer by decomposeing the notion of OP into Discovery Service and Authentication Service than collectively calling it as OP. That will facilitate a better understanding of the strength and weakness of the protocol as well. =nat 2009/1/6 Drummond Reed drummond.r...@cordance.net Agreed that it makes sense to split it out when the underlying work (XRD 1.0) is ready. =Drummond From: David Recordon [mailto:drecor...@sixapart.com] Sent: Sunday, January 04, 2009 11:24 PM To: Drummond Reed Cc: sappe...@gmail.com; 'Nat Sakimura'; 'John Bradley'; specs@openid.net Subject: Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group) I'd advocate for waiting until all of the discovery work occurring in OASIS, IETF, and W3C shakes out before we make changes to how OpenID discovery works. I'd much rather make this sort of change once rather than twice. --David On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote: I'm just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better… =Drummond From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of David Fuelling Sent: Friday, December 26, 2008 8:47 AM To: Nat Sakimura Cc: John Bradley; specs@openid.net Subject: Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
Well, Eran published a draft of the full XRD discovery standard yesterday. That changes things, because puts discovery on much more solid ground. The biggest remaining issue to be addressed is on trust/security/signatures but there is already substantial progress on that front as well, and we can probably expect a similarly mature draft within a few weeks. Based on these developments, should we consider a commitment to do the OpenID discovery spec in time for 2.1? I think it is important to decide this early on because it affects decisions about the structure of the AuthN spec. On Tue, Jan 6, 2009 at 8:51 AM, Breno de Medeiros br...@google.com wrote: Splitting the specification will also make it easier to understand the changes between Yadis-based and XRD-based discovery, since the authN part of the spec is unlikely to change as much. I am in favor of separating the two specifications and create a 2.0-compatible (with language clean-up) version of discovery. 2009/1/6 Nat Sakimura sakim...@gmail.com: But I suppose it is worthwhile to make the spec clearler. It can be clearer by decomposeing the notion of OP into Discovery Service and Authentication Service than collectively calling it as OP. That will facilitate a better understanding of the strength and weakness of the protocol as well. =nat 2009/1/6 Drummond Reed drummond.r...@cordance.net Agreed that it makes sense to split it out when the underlying work (XRD 1.0) is ready. =Drummond From: David Recordon [mailto:drecor...@sixapart.com] Sent: Sunday, January 04, 2009 11:24 PM To: Drummond Reed Cc: sappe...@gmail.com; 'Nat Sakimura'; 'John Bradley'; specs@openid.net Subject: Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group) I'd advocate for waiting until all of the discovery work occurring in OASIS, IETF, and W3C shakes out before we make changes to how OpenID discovery works. I'd much rather make this sort of change once rather than twice. --David On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote: I'm just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better… =Drummond From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of David Fuelling Sent: Friday, December 26, 2008 8:47 AM To: Nat Sakimura Cc: John Bradley; specs@openid.net Subject: Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
But I suppose it is worthwhile to make the spec clearler. It can be clearer by decomposeing the notion of OP into Discovery Service and Authentication Service than collectively calling it as OP. That will facilitate a better understanding of the strength and weakness of the protocol as well. =nat 2009/1/6 Drummond Reed drummond.r...@cordance.net Agreed that it makes sense to split it out when the underlying work (XRD 1.0) is ready. =Drummond -- *From:* David Recordon [mailto:drecor...@sixapart.com] *Sent:* Sunday, January 04, 2009 11:24 PM *To:* Drummond Reed *Cc:* sappe...@gmail.com; 'Nat Sakimura'; 'John Bradley'; specs@openid.net *Subject:* Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group) I'd advocate for waiting until all of the discovery work occurring in OASIS, IETF, and W3C shakes out before we make changes to how OpenID discovery works. I'd much rather make this sort of change once rather than twice. --David On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote: I'm just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better… =Drummond -- *From:* specs-boun...@openid.net [mailto:specs-boun...@openid.netspecs-boun...@openid.net ] *On Behalf Of *David Fuelling *Sent:* Friday, December 26, 2008 8:47 AM *To:* Nat Sakimura *Cc:* John Bradley; specs@openid.net *Subject:* Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Nat Sakimura (=nat) http://www.sakimura.org/en/ ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
Agreed that it makes sense to split it out when the underlying work (XRD 1.0) is ready. =Drummond _ From: David Recordon [mailto:drecor...@sixapart.com] Sent: Sunday, January 04, 2009 11:24 PM To: Drummond Reed Cc: sappe...@gmail.com; 'Nat Sakimura'; 'John Bradley'; specs@openid.net Subject: Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group) I'd advocate for waiting until all of the discovery work occurring in OASIS, IETF, and W3C shakes out before we make changes to how OpenID discovery works. I'd much rather make this sort of change once rather than twice. --David On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote: I'm just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better. =Drummond _ From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of David Fuelling Sent: Friday, December 26, 2008 8:47 AM To: Nat Sakimura Cc: John Bradley; specs@openid.net Subject: Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
I'm just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better. =Drummond _ From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of David Fuelling Sent: Friday, December 26, 2008 8:47 AM To: Nat Sakimura Cc: John Bradley; specs@openid.net Subject: Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Separation of Discovery from AuthN (was Proposal to form Discovery Working Group)
I'd advocate for waiting until all of the discovery work occurring in OASIS, IETF, and W3C shakes out before we make changes to how OpenID discovery works. I'd much rather make this sort of change once rather than twice. --David On Jan 4, 2009, at 11:14 PM, Drummond Reed wrote: I’m just catching up on holiday mail and wanted to add another +1 to separation of Discovery from AuthN. The sooner the better… =Drummond From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of David Fuelling Sent: Friday, December 26, 2008 8:47 AM To: Nat Sakimura Cc: John Bradley; specs@openid.net Subject: Re: Proposal to form Discovery Working Group On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n- sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Proposal to form Discovery Working Group
On Thu, Dec 25, 2008 at 10:56 AM, Nat Sakimura n-sakim...@nri.co.jp wrote: 2. Separation of OP into Discovery Service and Authentication Service. In the current terminology, OP spans both Discovery Service and Authentication Service. We should be explicit about it. +1. I would like to see discovery services separated from OP services too. John Bradley wrote: Breno, I agree. I recommended separating discovery into a separate doc for 2.1. There didn't seem to be support for the idea at the time, perhaps circumstances have changed and the idea will be accepted now. Regards John Bradley =jbradley ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Proposal to form Discovery Working Group
Agreed with Breno here. We're going to have to make a change to OpenID discovery at some point over the next year as other groups finish their evolutions of Yadis, XRDS, etc. I like this being a separate WG since it means that the core Auth spec can choose to move to using it at a later date versus being tied up on it's development. --David On Dec 20, 2008, at 12:48 AM, Breno de Medeiros wrote: It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS- Simple is intended to be compatible with Yadis? Or is backwards- compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG. Publish a list of service and resource types supported by the discovery mechanism. IV. Specifications OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration. V. Anticipated audience All those interested in the OpenID specifications. VI. Language of business English. VII. Method of work Mailing list discussion. Posting of intermediate drafts in the OpenID Wiki. Virtual conferencing on an ad-hoc basis. VIII. Basis for completion of the activity The discovery document is final and all deliverables have been incorporated into the OpenID Authentication spec, perhaps by reference. Background Information I. Related Work XRD 1.0 spec, being drafted by the OASIS XRI TC. II. Initial Membership * Brian Eaton, bea...@google.com, Google, Inc. * Johannes Ernst, jer...@netmesh.us, NetMesh. (editor) * Eran Hammer-Lahav, e...@hueniverse.com, Yahoo! Inc. * Breno de Medeiros, br...@google.com, Google, Inc. (editor) * David Recordon,
Re: Proposal to form Discovery Working Group
For the time being, I would be happy if the 2.1 spec moved all the references to discovery to a second document. The first version of the separate document would just clone the current approach to discovery in the 2.0 spec. If the updated version that explains XRD discovery is available before the 2.1 WG completes its work, then it could refer to the new document, otherwise it could refer to the old document. In the case of pointing to old document, we probably should add an appendix noting that changes in discovery to support new use cases are coming, and pointers on how to manage the transition. On Mon, Dec 22, 2008 at 10:27 AM, David Recordon drecor...@sixapart.com wrote: Agreed with Breno here. We're going to have to make a change to OpenID discovery at some point over the next year as other groups finish their evolutions of Yadis, XRDS, etc. I like this being a separate WG since it means that the core Auth spec can choose to move to using it at a later date versus being tied up on it's development. --David On Dec 20, 2008, at 12:48 AM, Breno de Medeiros wrote: It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG. Publish a list of service and resource types supported by the discovery mechanism. IV. Specifications OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration. V. Anticipated audience All those interested in the OpenID specifications. VI. Language of business English. VII. Method of work Mailing list discussion.
Re: Proposal to form Discovery Working Group
BTW, the discovery WG proposal does not appear in the new version of the wiki. On Mon, Dec 22, 2008 at 11:07 AM, Breno de Medeiros br...@google.com wrote: For the time being, I would be happy if the 2.1 spec moved all the references to discovery to a second document. The first version of the separate document would just clone the current approach to discovery in the 2.0 spec. If the updated version that explains XRD discovery is available before the 2.1 WG completes its work, then it could refer to the new document, otherwise it could refer to the old document. In the case of pointing to old document, we probably should add an appendix noting that changes in discovery to support new use cases are coming, and pointers on how to manage the transition. On Mon, Dec 22, 2008 at 10:27 AM, David Recordon drecor...@sixapart.com wrote: Agreed with Breno here. We're going to have to make a change to OpenID discovery at some point over the next year as other groups finish their evolutions of Yadis, XRDS, etc. I like this being a separate WG since it means that the core Auth spec can choose to move to using it at a later date versus being tied up on it's development. --David On Dec 20, 2008, at 12:48 AM, Breno de Medeiros wrote: It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG. Publish a list of service and resource types supported by the discovery mechanism. IV. Specifications OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration.
Re: Proposal to form Discovery Working Group
Can you please put it on http://wiki.openid.net/Working_Groups%3AOpenID_Discovery? Thanks, --David On Dec 22, 2008, at 11:08 AM, Breno de Medeiros wrote: BTW, the discovery WG proposal does not appear in the new version of the wiki. On Mon, Dec 22, 2008 at 11:07 AM, Breno de Medeiros br...@google.com wrote: For the time being, I would be happy if the 2.1 spec moved all the references to discovery to a second document. The first version of the separate document would just clone the current approach to discovery in the 2.0 spec. If the updated version that explains XRD discovery is available before the 2.1 WG completes its work, then it could refer to the new document, otherwise it could refer to the old document. In the case of pointing to old document, we probably should add an appendix noting that changes in discovery to support new use cases are coming, and pointers on how to manage the transition. On Mon, Dec 22, 2008 at 10:27 AM, David Recordon drecor...@sixapart.com wrote: Agreed with Breno here. We're going to have to make a change to OpenID discovery at some point over the next year as other groups finish their evolutions of Yadis, XRDS, etc. I like this being a separate WG since it means that the core Auth spec can choose to move to using it at a later date versus being tied up on it's development. --David On Dec 20, 2008, at 12:48 AM, Breno de Medeiros wrote: It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within
Re: Proposal to form Discovery Working Group
Done. Also updated the status of both the Discovery and the AX 2.0 WG to say status = Draft charter submitted for consideration by the specs council I have emailed the OpenID spec with the proposed charters, so I understand that the above status description is accurate. On Mon, Dec 22, 2008 at 3:57 PM, David Recordon drecor...@sixapart.com wrote: Can you please put it on http://wiki.openid.net/Working_Groups%3AOpenID_Discovery? Thanks, --David On Dec 22, 2008, at 11:08 AM, Breno de Medeiros wrote: BTW, the discovery WG proposal does not appear in the new version of the wiki. On Mon, Dec 22, 2008 at 11:07 AM, Breno de Medeiros br...@google.com wrote: For the time being, I would be happy if the 2.1 spec moved all the references to discovery to a second document. The first version of the separate document would just clone the current approach to discovery in the 2.0 spec. If the updated version that explains XRD discovery is available before the 2.1 WG completes its work, then it could refer to the new document, otherwise it could refer to the old document. In the case of pointing to old document, we probably should add an appendix noting that changes in discovery to support new use cases are coming, and pointers on how to manage the transition. On Mon, Dec 22, 2008 at 10:27 AM, David Recordon drecor...@sixapart.com wrote: Agreed with Breno here. We're going to have to make a change to OpenID discovery at some point over the next year as other groups finish their evolutions of Yadis, XRDS, etc. I like this being a separate WG since it means that the core Auth spec can choose to move to using it at a later date versus being tied up on it's development. --David On Dec 20, 2008, at 12:48 AM, Breno de Medeiros wrote: It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications.
Re: Proposal to form Discovery Working Group
It is part of the scope of this group to develop a best-practices guidance for transition from YADIS to XRD discovery. Full backward-compatibility is not a goal, since at least one new mechanism for publishing discovery information is expected to make part of XRD discovery (dynamic mapping type), and this new mechanism is being put there (in XRD discovery) in large part because the current YADIS mechanism makes it difficult for smaller sites to become OPs/RPs by using a hosted solution (so it is an OpenID-driven need for wider adoption). XRD discovery is also expected to include a signing mechanism, which will allow for use of higher-security discovery profiles. As part of this best-practices document, the OpenID discovery spec should give guidance on the security characteristics of each profile. The current mechanism (which limits re-directs and enforces realm authority = return_to url authority) will constitute a profile and there will likely be at least a second profile that verifies signatures on the discovered documents but allow for unmatched realm/return_to URLs. That being said, we are certainly aware of the need to make the transition as smooth as possible, and that is why it is part of the scope of this group to write a transitions guidance document. On Fri, Dec 19, 2008 at 11:28 PM, Mike Jones michael.jo...@microsoft.com wrote: Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG. Publish a list of service and resource types supported by the discovery mechanism. IV. Specifications OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration. V. Anticipated audience All those interested in the OpenID specifications. VI. Language of business English. VII. Method of work Mailing list discussion. Posting of intermediate drafts in the OpenID Wiki. Virtual conferencing on an ad-hoc basis. VIII. Basis for completion of the activity The discovery document is final and all deliverables have been incorporated into the OpenID Authentication spec, perhaps by reference. Background Information I. Related Work XRD 1.0 spec, being drafted by the OASIS XRI TC. II. Initial Membership * Brian Eaton, bea...@google.com, Google, Inc. * Johannes Ernst, jer...@netmesh.us, NetMesh. (editor) * Eran Hammer-Lahav, e...@hueniverse.com, Yahoo! Inc. * Breno de Medeiros, br...@google.com, Google, Inc. (editor) * David Recordon, da...@sixapart.com, Six Apart Ltd. * Drummond Reed, drummond.r...@cordance.net, Cordance * Nat Sakimura, n-sakim...@nri.co.jp, NRI -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand
Proposal to form Discovery Working Group
Can you add a clear statement to the draft charter that implementations already using Yadis will remain compatible with the output of this working group, since, as I understand it, XRDS-Simple is intended to be compatible with Yadis? Or is backwards-compatibility with existing OpenID 2.0 implementations not a goal of this work? -- Mike -Original Message- From: specs-boun...@openid.net [mailto:specs-boun...@openid.net] On Behalf Of Breno de Medeiros Sent: Thursday, December 18, 2008 6:14 PM To: OpenID Specs Mailing List Cc: David Recordon; Brian Eaton; Johannes Ernst Subject: Proposal to form Working Group I would like to submit the following proposal for a working group charter (also available at http://wiki.openid.net/Working_Groups:Discovery): Services and Metadata Discovery Coordination Working Group (Discovery) Charter Proposal In accordance with the OpenID Foundation IPR policies and procedures this note proposes the formation of a new working group chartered to produce an OpenID specification. As per Section 4.1 of the Policies, the proposed charter is below (still liable to change during this feedback period). I. Name Services and Metadata Discovery Coordination Working Group (Discovery) II. Statement of Purpose Produce a document describing the OpenID discovery workflow, updating the current mechanism to describe how to use OASIS specifications for discovery, to be drafted by the OASIS XRI TC. The intention is that the document will be incorporated as part of some future version of the OpenID Authentication spec. III. Scope Produce a document describing the use of OASIS discovery specifications as formulated by the OASIS XRI TC, for normative application by all other OpenID specifications. Produce a document describing the recommended migration of services discovery from the Yadis 1.0 specification to the discovery specifications currently being developed by the OASIS XRI TC. All types of identifiers addressed by OASIS XRI TC discovery (XRD 1.0) are within scope of this WG. Publish a list of service and resource types supported by the discovery mechanism. IV. Specifications OpenID Discovery, including a sub-spec for Trusted OpenID Discovery, and a best-practices guidance document for migration. V. Anticipated audience All those interested in the OpenID specifications. VI. Language of business English. VII. Method of work Mailing list discussion. Posting of intermediate drafts in the OpenID Wiki. Virtual conferencing on an ad-hoc basis. VIII. Basis for completion of the activity The discovery document is final and all deliverables have been incorporated into the OpenID Authentication spec, perhaps by reference. Background Information I. Related Work XRD 1.0 spec, being drafted by the OASIS XRI TC. II. Initial Membership * Brian Eaton, bea...@google.com, Google, Inc. * Johannes Ernst, jer...@netmesh.us, NetMesh. (editor) * Eran Hammer-Lahav, e...@hueniverse.com, Yahoo! Inc. * Breno de Medeiros, br...@google.com, Google, Inc. (editor) * David Recordon, da...@sixapart.com, Six Apart Ltd. * Drummond Reed, drummond.r...@cordance.net, Cordance * Nat Sakimura, n-sakim...@nri.co.jp, NRI -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
