Re: Question: multiple IdPs?

2006-10-19 Thread Josh Hoyt
On 10/18/06, Recordon, David [EMAIL PROTECTED] wrote: Yeah, the XML file can be based elsewhere. It is especially noteworthy that unless users are combining services, the XRDS document can be the same one that the IdP has issued to go with the IdP-specific URL. For instance, if I want to use

Re: IdP assisting user to present previous identifier

2006-10-19 Thread Dick Hardt
On 19-Oct-06, at 8:40 AM, Drummond Reed wrote: I agree the scenarios Dick proposes here make sense. However if the IdP can change an identifier parameter, it should be openid.portable, since: a) that's the one the RP is going to store, and b) that's the one the IdP MUST return with

Re: PROPOSAL: rename Identity Provider to OpenID Provider

2006-10-19 Thread Pete Rowley
Martin Atkins wrote: Granqvist, Hans wrote: Why not simply call the idp idp, and prefix it OpenID idp if context or clarification is needed, all referencing an OpenID spec def of OpenID idp? While I guess I agree with your objection, I don't like the redundant ID in OpenID IdP. It

Re: Two Identifiers - no caching advantage

2006-10-19 Thread Josh Hoyt
On 10/19/06, Josh Hoyt [EMAIL PROTECTED] wrote: when she has control Sorry that I didn't put this all in one message, but: I think it's worthwhile to be aware of what might happen in scenarios where your identifier has been stolen, but it should not have much bearing on which proposal gets

Re: PROPOSAL: OpenID Form Clarification (A.4)

2006-10-19 Thread Pete Rowley
Recordon, David wrote: Combining this with the fact that there is no viable way to enforce sections 8.1 or A.4 being MUSTs, I do not believe that they should be changed from SHOULDs. The only conceivable way I could see of enforcing something like this is telling a Relying Party that they

Re: Two Identifiers - no caching advantage

2006-10-19 Thread Dick Hardt
On 19-Oct-06, at 11:18 AM, Josh Hoyt wrote: On 10/19/06, Dick Hardt [EMAIL PROTECTED] wrote: sigh reread the attack. The portable identifier and the IdP do match. In fact, this makes me think of an attack that *would* succeed if the IdP-specific identifier was not in the response: when

Re: OpenID Login Page Link Tag (was RE: PROPOSAL: OpenID Form Clarification (A.4))

2006-10-19 Thread Johannes Ernst
Isn't this a case where the Yadis infrastructure should be used instead of Yet Another Link Tag? On Oct 19, 2006, at 8:21, Drummond Reed wrote: Martin, I agree with Dick, this is a fascinating idea. P3P had the same idea notion for a site advertising the location of the P3P privacy

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-19 Thread Hallam-Baker, Phillip
Back at the dawn of the Web I made the mistake of thinking that the address bar was the place you type a URI. We now know that it is the place you type a search term that may be a URL in canonical form or may be a domain name or may be a search term to be thrown at a search engine. It was one

RE: XRI confusion

2006-10-19 Thread Drummond Reed
Dick, you are right that there are usability challenges with i-numbers and XDI.org and the i-broker community is working to address them. Although persistent identifiers are used everywhere in local systems (directories, databases, object stores, etc.), and the concept has been around at the