Kevin, thanks for the well articulated argument.
I do see this as something that is completely within the End Users
control, and if the End User chose to ignore it, then that is their
choice.
The use case is that for convenience, a site wants to let the user do
certain functions without
Trying to catch up on all the discussion in the past 36 hours. Been
great to read through it all, really shows the interest and excitement
that we all have in OpenID. I do however want to rope everyone back in
a bit so we can focus on what is going to be a reality within the Auth
2.0 spec.
I
Stemming from the proposal to add a request nonce, the idea to rename
the openid.nonce field to openid.response_nonce surfaced. Is this
something that we should do?
Vote closes Tuesday the 10th at 3:30pm PST. Votes are +1 (in support of
idea), 0 (abstain), or -1 (disagree). Traditionally a -1
I'm sorry this proposal did not get put up on the wiki earlier. Brian
Ellin proposed removing setup_url back in Aug.
http://lists.danga.com/pipermail/yadis/2006-August/002824.html
Here's a copy of the text
A couple of days ago I started working on an immediate mode OpenID
consumer. I
On 5-Oct-06, at 3:36 PM, Recordon, David wrote:
Conceptually I think I like this model. It does seem easier to
understand.
Other thoughts on this?
I am still not sure how the delegated identifier is useful. I did
miss the earlier discussions, so probably I don't have enough
background
I still worry about end-user experience, privacy, and OpenID
usefulness to RPs running non-trivial services.
Can someone outline how user privacy gets maintained? (and what, if
anything, a user needs to do and/or understand to support this?)
Would any RP handling, say, credit-card data, be
