Re: [PROPOSAL] authentication age

2006-10-05 Thread Dick Hardt
Kevin, thanks for the well articulated argument. I do see this as something that is completely within the End Users control, and if the End User chose to ignore it, then that is their choice. The use case is that for convenience, a site wants to let the user do certain functions without

Summarizing Where We Are

2006-10-05 Thread Recordon, David
Trying to catch up on all the discussion in the past 36 hours. Been great to read through it all, really shows the interest and excitement that we all have in OpenID. I do however want to rope everyone back in a bit so we can focus on what is going to be a reality within the Auth 2.0 spec. I

[VOTE] Rename openid.nonce to openid.response_nonce

2006-10-05 Thread Recordon, David
Stemming from the proposal to add a request nonce, the idea to rename the openid.nonce field to openid.response_nonce surfaced. Is this something that we should do? Vote closes Tuesday the 10th at 3:30pm PST. Votes are +1 (in support of idea), 0 (abstain), or -1 (disagree). Traditionally a -1

[PROPOSAL] Remove setup_url

2006-10-05 Thread larry drebes
I'm sorry this proposal did not get put up on the wiki earlier. Brian Ellin proposed removing setup_url back in Aug. Here's a copy of the text A couple of days ago I started working on an immediate mode OpenID consumer. I

Re: [PROPOSAL] Separate Public Identifier from IdP Identifier

2006-10-05 Thread Marius Scurtescu
On 5-Oct-06, at 3:36 PM, Recordon, David wrote: Conceptually I think I like this model. It does seem easier to understand. Other thoughts on this? I am still not sure how the delegated identifier is useful. I did miss the earlier discussions, so probably I don't have enough background

Adoption questions

2006-10-05 Thread Chris Drake
I still worry about end-user experience, privacy, and OpenID usefulness to RPs running non-trivial services. Can someone outline how user privacy gets maintained? (and what, if anything, a user needs to do and/or understand to support this?) Would any RP handling, say, credit-card data, be