Re: OpenID Trusted Authentication Extension

2007-08-27 Thread David Fuelling 
John,

Have a look at OAuth (http://groups.google.com/group/oauth).  I think it's
currently a private google group, but it seems like you've given a lot of
thought to this type of thing, so I'm sure the group owners would welcome
your input.  There's a lot of activity going on over there.

David

On 8/26/07, John Ehn <[EMAIL PROTECTED]> wrote:
>
> I have created a draft of a new specification that I think will help to
> fill a gap in OpenID functionality.
>
> What appears to be a newer productivity feature of many websites is the
> ability to import and utilize information from other sites.  For instance,
> Basecamp provides an API that allows other systems to access user data.
> This is a great feature, but it currently cannot be done with OpenID, due to
> the dependence on end-user interaction during the authentication process.
>
> The Trusted Authentication Extension provides for the ability for an
> OpenID Consumer to log in to another OpenID Consumer without user
> interaction.  The end user will be able to create a trusted connection
> between two OpenID enabled sites, which will allow a client site to access a
> destination site using the end user's Identity.
>
> Please provide your comments and feedback, as they are most appreciated.
>
> http://extremeswank.com/openid_trusted_auth.html
>
> Thank you,
>
> John Ehn
> [EMAIL PROTECTED]
>
> ___
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
>
>
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Announce: OpenID Authentication Draft 12 (finally)

2007-08-27 Thread Josh Hoyt 
Hello OpenID community,

I'm happy to announce draft 12 of the OpenID Authentication 2.0
specification [1]. It's been a long time [2] since the previous draft,
and it's past time that we get the work that has been done out, so
that users and developers can benefit from OpenID 2.0.

In the next month, we'd like to see implementers update their
libraries or applications to be draft 12 compliant and perform
interoperability testing. Once this period is over (October 1st), we
should call the specification final, pending final IPR clearance from
contributors. If we have IPR clearance by that point, we can call the
spec final on October 1st.

In the past, we've had timelines proposed and slipped. I don't think
there's any reason for that to happen in this case, and I hope that
the community will hold the editors accountable.

Let's get this done!

Josh Hoyt <[EMAIL PROTECTED]>
OpenID: http://j3h.us/



1. http://openid.net/specs/openid-authentication-2_0-12.html

2. http://openid.net/pipermail/specs/2007-January/001155.html

3. Major changes to the OpenID authentication specification, draft 11
to draft 12:

* Specify handling of URL fragments

* Realm verification using XRDS discovery

* Don't allow unencrypted secret exchange unless operating with
  transport layer encryption
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs