Are there special considerations for either relying parties when they may be
protected by Web Access Management products? For example, if I initially sign
onto a web site using OpenID, I still will need for the Web Access Management
product to create a secure cookie that contains a session
VeriSign's Consumer Authentication Service authenticates customers by using
real-time automation processes in combination with unique interactive question.
Once consumers are properly authenticated by CAS, enterprises can be assured of
their identity, and they can execute secure business
So far, neither OpenID nor CardSpace define the notion of a session,
so no common logout is possible within the standard protocols.
What we do in our code at NetMesh is to add a convention where
RP-URL?lid=OPENID
is the same thing as submitted OpenID URL in the first form, to
which the
On 5-Apr-07, at 9:18 AM, Recordon, David wrote:
I don't think this is really that important of a point given all the
other things we need to do. People are going to do things differently
than you would, but get the same result -- is that ok?
I'm fine with doing things differently, I'm not
On 5-Apr-07, at 9:24 AM, Recordon, David wrote:
Dick, see my other message but this is not about ME stopping you!
We wanted to publish them on the website so that other people could
look at them, but you did not want to do that, and you control the
domain.
Dick, that isn't a fair statement
OpenID Attribute Exchange (AX) uses URLs to uniquely identify
attributes. The URLs are resolvable to provide meta data that is both
machine and human readable.
In order to do anything useful with AX, some common identity
attributes need to be defined.
I would propose that we start off
On Apr 6, 2007, at 10:21, Dick Hardt wrote:
On 5-Apr-07, at 9:18 AM, Recordon, David wrote:
... IMHO for simplicity sake of
reading the AX documents this format description should be merged
into the core protocol spec. If down the road it should be split out
then it always can be.
Well,
On 4/6/07, Dick Hardt [EMAIL PROTECTED] wrote:
On 5-Apr-07, at 9:18 AM, Recordon, David wrote:
I'm fine with doing things differently, I'm not arguing that a
metadata format should not be created, just that IMHO for simplicity sake of
reading the AX documents this format description
I would think that you wouldn't need to track the notion of a session but have
something where the selector that tracked where the card was previously sent in
terms of a list would allow you to graphically send another event. You could
optionally walk a list based on each card.
-Original
On 6-Apr-07, at 10:34 AM, Johannes Ernst wrote:
Well, as one of the people that wrote the documents. We decided that
having separate documents was better. Thanks for sharing your
opinion. I have a different opinion.
For somebody who currently doesn't have an opinion on this subject,
could
I think this means that the Selector MUST implement async firing capability. A
user should not wait nor should this be synchronous. Likewise if a session has
already been logged out, then by contract the RP should simply ignore.
-Original Message-
From: Johannes Ernst [mailto:[EMAIL
well with OpenID at least, I think we can easily design a logout
extension, where an RP can register its logout handler with OP during
login flow (checkid_immediate/checkid_setup) and the OP could call each
of the RP's logout handlers (in the browser) that are registered with
the current
On 4/6/07, Praveen Alavilli [EMAIL PROTECTED] wrote:
well with OpenID at least, I think we can easily design a logout
extension, [...]
Any reason why something like this was not incorporated into the specs yet ?
There is not general agreement on how this feature should be
implemented, or even
On Apr 6, 2007, at 12:13, Praveen Alavilli wrote:
Any reason why something like this was not incorporated into the
specs yet ?
We just needed a volunteer like you to take it on ;-) ;-)
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
If there was something out there already, I would propose we used it.
There is not.
Just like the SAML crowd has accused the OpenID crowd of reinventing
an identity protocol (AKA reinventing the wheel) -- the AX proposal
has some unique concepts that people like Paul and Mark think are
In thinking about this, wouldn't it be interesting if the RP could return a URL
that the selector could callback on? Of course this would be optional.
On 4/6/07, Dick Hardt [EMAIL PROTECTED] wrote:
I agreed with you previously that the response being able to work
either way if the request can. Sorry if that was not clear.
Great. That will simplify the code.
Given this change, is there still the need to have the special case
for sending an
On 4/6/07, Praveen Alavilli [EMAIL PROTECTED] wrote:
I could only go till Aug 2006 on the mail archives here:
http://openid.net/pipermail/specs/ and nothing found specifically on
'logout' (at least based on the thread subjects).
I'd also search the other mailing lists, because the
I think it is great that there is new and innovative work in what you've
been doing. I would also think that it would benefit the entire
user-centric (and even non-user-centric) community to take advantage of
this work regardless of the technology. By having it rooted on
openid.net, I think
On 5-Apr-07, at 9:24 AM, Recordon, David wrote:
I'm all about taking advantage of existing momentum, but I have a hard
time seeing anyone who cares about AX being unwilling to have this
discussion as a part of the ID Schemas community. If there is anyone,
I'd certainly like to understand the
On Apr 6, 2007, at 14:40, Johnny Bufu wrote:
Which makes me think that this could
actually work with what we have today, if we defined an
openid-logout-notification attribute, and the RPs registered for
updates when its value changes.
This sounds like you are conflating attributes of the
Ah, but I ask you this. If a rugby player falls in the forest, does
anybody care? ;-)
Seriously though, the issue here isn't really whether or not you and
your friends will go to the rugby game,
it's whether or not the rugby league organizers are trying to get you to
go to the rugby game at
On 6-Apr-07, at 4:09 PM, Laurie Rae wrote:
Seriously though, the issue here isn't really whether or not you
and your friends will go to the rugby game,
it's whether or not the rugby league organizers are trying to get
you to go to the rugby game at the appropriate venue.
I would say the
The work is not rooted in openid.net. We are starting there. We can
easily point those definitions somewhere else later, but we need
somewhere to start.
Given that the community that cares today is in OpenID, and the
domain the community has is openid.net, it would make sense to use
that
You also could go buy idschemas.org and start there, to be migrated
later if need be. I don't really care who owns the domain since the
wider community will hold the owner to do the right thing, though I'd
imagine donating it to Identity Commons to hold would be an easy thing
to do.
Yes,
On Apr 5, 2007, at 3:49 AM, Vinay Gupta wrote:
On Apr 5, 2007, at 10:40 AM, Douglas Otis wrote:
Although the world demands GUI, terminal interfaces already offer
a powerful set of tools for doing exactly what is needed. Public
key cryptography reduces the overhead and security concerns
26 matches