Re: Server-to-server channel

2007-04-05 Thread Martin Atkins
[I initially sent this to Chris directly, because he sent his message to me directly. Then I noticed he'd also replied on the list. Hopefully he'll see this before my private reply and we can avoid another go-around of duplicate messages!] Chris Drake wrote: MA For some things it's

Re[3]: Server-to-server channel

2007-04-05 Thread Chris Drake
Hi Martin, Yes - sorry - I accidentally hit reply instead of reply all. I later did re-post to the list though. For the benefit of the list, your reply is at the end here. Re-reading my reply, I think my wording sounded pretty strong, and I might not have made it clear that I'm not pushing for

Re: Server-to-server channel

2007-04-05 Thread Douglas Otis
On Wed, 2007-04-04 at 20:02 +, Vinay Gupta wrote: On Apr 4, 2007, at 7:43 PM, Douglas Otis wrote: Hm. Well, I don't to suggest that we tear off fixing or expressing the whole semantics of PKI, but I do think that some care should be taken to make sure that it's clear what the security

Re: Re[3]: Server-to-server channel

2007-04-05 Thread Vinay Gupta
On having your private data cached: the current web model allows businesses to simply own your data into a database, correlate it across multiple databases (doubleclick) and so on. I think that to expect them to give up this privilege (and revenue stream from targeted advertising) is

Re: Server-to-server channel (now: Kerberos, Phishing)

2007-04-05 Thread Vinay Gupta
One further thought on Kerberos: as far as I know, Kerberos is a minimal implementation - nothing simpler than this actually works in the real world, and the Kerberos operating environment is a bit simpler than what is being discussed in some instances here, in terms of managing the

Re: Re[2]: Server-to-server channel

2007-04-05 Thread Dick Hardt
On 4-Apr-07, at 8:59 PM, Chris Drake wrote: Thursday, April 5, 2007, 5:43:02 AM, you wrote: [snip] DO How these keys are handled internally could be left to the DO consumer or RP. [snip] This sounds like another *strong* use-case for updating the OpenID protocol to allow transactions

Attestation

2007-04-05 Thread McGovern, James F (HTSC, IT)
The term attestation has a distinct legal meaning but within an IT context may be used interchangeably with the notion of certification or periodic review. There are of course several levels of attestation. I propose that minimally OpenID incorporate the first notion where someone certifies you are

Re: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Dick Hardt
Doing the work in the ID Schemas project was a good idea 3 months ago and 6 months ago. So far not much has happened there. I agree that having several groups do the same thing is undesirable, but we do need to get moving. We need URIs for moving attributes today. We can wait for the

Server-to-server channel

2007-04-05 Thread McGovern, James F (HTSC, IT)
I would think this would be better solved by leveraging the Oracle Identity Framework and using components such as AAPML and CARML Message: 3 Date: Thu, 5 Apr 2007 10:57:22 + From: Vinay Gupta [EMAIL PROTECTED] Subject: Re: Re[3]: Server-to-server channel To: Chris Drake [EMAIL PROTECTED] Cc:

Re: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Dick Hardt
On 4-Apr-07, at 1:16 PM, Recordon, David wrote: Johnny, I see a lot of, at least my initial confusion, coming from there being multiple documents. This is why I urge merging the transport and metadata since the reality is they currently are only being used with each other. As the metadata

Re: Attribute Exchange 1.0 svn revision 295 review

2007-04-05 Thread Dick Hardt
On 4-Apr-07, at 2:07 PM, Josh Hoyt wrote: Is editing of this spec by authors of other OpenID specifications welcome? (I hope that by this review and my past spec work I'm showing that I have adequate understanding and appropriate goals.) Yes! Great feedback below Update URL issues

RE: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Recordon, David
I guess I don't see why blaming the ID Schemas project for not much happening is a good excuse for not doing it there. People who care will either have to drive this work within the OpenID project or the ID Schemas project; I fail to see how the effort required in each differs greatly. In some

RE: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Recordon, David
Actually it is describing a document format, and it could easily be used by other groups as evidenced by references from people in the ID Schemas group. I agree that it could be, but is anyone? I love shooting beyond the 80% to get the remaining 20%, but if that is just a pipe dream then I

Re: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Dick Hardt
On 5-Apr-07, at 9:06 AM, Recordon, David wrote: Actually it is describing a document format, and it could easily be used by other groups as evidenced by references from people in the ID Schemas group. I agree that it could be, but is anyone? It leaves the option open. I love shooting

Re: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Johannes Ernst
On Apr 5, 2007, at 9:02, Recordon, David wrote: In some senses, I think if people gather as part of the ID Schemas project and try to move this work forward, it will actually be more successful than trying to do it here. I would agree with this. Johannes Ernst NetMesh Inc.

Re: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Dick Hardt
If you would let us put the attributes on the website, then other people could see them and comment on them. On 5-Apr-07, at 9:02 AM, Recordon, David wrote: I guess I don't see why blaming the ID Schemas project for not much happening is a good excuse for not doing it there. Blame? ... just

some questions on OpenID AX 1.0 draft 4

2007-04-05 Thread Mark Wahl
http://openid.net/specs/openid-attribute-exchange-1_0-04.html 1. Section 2 states that the store operation saves or updates attribute information on the OpenID Provider. How does an RP delete an attribute when updating information on the OP? 2. Section 3.2 states that If an attribute type

Re: Web Access Management

2007-04-05 Thread Hans Granqvist
Ping demoed OpenID technology at RSA. I hear Novell and IBM are looking at supporting OpenID. Microsoft has said they will in future products. Oracle and CA are following OpenID. So, yes. :-) I'm curious why almost all of these companies are non-existent on the mailing lists. Any

Re: Server-to-server channel

2007-04-05 Thread Martin Atkins
Chris Drake wrote: Hi Martin, Yes - sorry - I accidentally hit reply instead of reply all. I later did re-post to the list though. For the benefit of the list, your reply is at the end here. Re-reading my reply, I think my wording sounded pretty strong, and I might not have made it

Re: Attribute Exchange 1.0 svn revision 295 review

2007-04-05 Thread Josh Hoyt
On Apr 5, 2007 at 8:41 AM, Dick Hardt [EMAIL PROTECTED] wrote: There is no way to say I want as many of X as you have, and I don't care how many that is Good point. Perhaps have a magic value like -1 to indicate as many as the user will release? I had thought the RP would likely have a

Re: Promoting OpenID

2007-04-05 Thread Chris Messina
I thought it was interesting to discover this: http://www.atlassian.com/software/crowd/ On the one hand, this is interesting from a marketing perspective, and I think we need more education materials and demonstrations of how this technology can be used. On the other, I personally think selling

Re: Promoting OpenID

2007-04-05 Thread Johannes Ernst
On Apr 5, 2007, at 18:36, Chris Messina wrote: ... I personally think selling to the enterprise is nearly impossible without tons of grassroots adoption ... I disagree. ;-) Now granted, there are many, many things that we all need to do and that need to happen to make OpenID suitable for