I'm not sure what the right process is, though my hunch is that we'll
know the time is right once there are multiple working OpenID Auth 2.0
RPs and OPs on the web from different vendors that people are at least
testing with. Until code that implements the spec exists in the wild, I
doubt we can
On 1/19/07, Recordon, David [EMAIL PROTECTED] wrote:
So with great pleasure I get to announce the culmination of about nine
months of work between the OpenID, XRI, Sxip, and LID communities in the
drafting of OpenID Authentication 2.0. This evening the editors have
published the final draft
Still totally unhappy about the phishing issues, which I blogged
about here:
http://www.links.org/?p=187
I have a proposal which I think could greatly reduce the risk of
phishing: identity providers should /never/ display their login form
(or a link to the form) on a page that has been
On 19-Jan-07, at 6:19 AM, Ben Laurie wrote:
Still totally unhappy about the phishing issues, which I blogged
about here:
http://www.links.org/?p=187
There are numerous ways of solving this. Several standard methods can
solve it. It is a relationship between the user and the OP and the
