My understanding is that we need to get the IPR process finalized,
then cross all the t's and dot the i's from the intellectual property
perspective for the 2.0 spec(s), and then declare 2.0 to be final.
Would be too embarrassing if we declared a spec final and then
discovered that it did no
PAPE may be another approach (to support per-user per-RP login policies). It
certainly will not always be “cleaner”. It is not a reason against enabling a
discovery-based approach.
This PAPE suggestion requires the RP and OP to implement what the user wants. A
discovery-based approach only requ
James Henstridge,
> why wouldn't this alternative [doing it all at the OP] be appropriate?
It would be great if OPs offered lots of functionality (such as per-User per-RP
policies), while remaining simple to use and understand. The great feature of
OpenID is that is allows each user to choose l
On 17-Oct-07, at 2:42 AM, James Henstridge wrote:
> The next one is not so much a question as an observation: As an
> identity URL may change its delegation over time (possibly without the
> underlying OP's knowledge), it is possible that an RP will receive
> updates from an OP that is not author
On 17-Oct-07, at 2:42 AM, James Henstridge wrote:
> The next question is how much information from the original OpenID
> authentication request/response can the RP expect to be included in
> the subsequent update responses.
Attribute Exchange is an OpenID extension, so a full/valid/positive
as
Hi James,
On 17-Oct-07, at 2:42 AM, James Henstridge wrote:
> I have a few more questions about the update_url feature of OpenID
> attribute exchange that I feel could do with answers in the
> specification.
>
> For the questions, imagine an OpenID RP with the following properties:
>
> 1. The RP
On 16-Oct-07, at 7:58 PM, Manger, James H wrote:
> Use case: Alice wants to use different OPs for different RPs, while
> keeping the same URL (eg http://alice.example.net/). For instance,
> when logging into a service hosting her backups she wants to use an
> OP that requires a one-time pas
I have a few more questions about the update_url feature of OpenID
attribute exchange that I feel could do with answers in the
specification.
For the questions, imagine an OpenID RP with the following properties:
1. The RP provides a unified login/signup workflow, so that if a user
signs in with
On 17/10/2007, Manger, James H <[EMAIL PROTECTED]> wrote:
> Other solutions:
>
> OPs can offer different authentication mechanisms based on the
> openid.return_to or openid.realm parameter in an authentication request.
> However, the user has less flexibility when they have to relying on OPs.
If t
The User-Agent field does not have the right semantics. I hope that field could
be used, for instance, to notice which Relying Parties are using a particular
version of Janrain’s Java library for OpenID. It is probably reasonable for
Bloglines, Google etc to identify themselves in the User-Agent
10 matches
Mail list logo