Announce: OpenID Authentication Draft 12 (finally)

2007-08-27 Thread Josh Hoyt
Hello OpenID community,

I'm happy to announce draft 12 of the OpenID Authentication 2.0
specification [1]. It's been a long time [2] since the previous draft,
and it's past time that we get the work that has been done out, so
that users and developers can benefit from OpenID 2.0.

In the next month, we'd like to see implementers update their
libraries or applications to be draft 12 compliant and perform
interoperability testing. Once this period is over (October 1st), we
should call the specification final, pending final IPR clearance from
contributors. If we have IPR clearance by that point, we can call the
spec final on October 1st.

In the past, we've had timelines proposed and slipped. I don't think
there's any reason for that to happen in this case, and I hope that
the community will hold the editors accountable.

Let's get this done!




3. Major changes to the OpenID authentication specification, draft 11
to draft 12:

* Specify handling of URL fragments

* Realm verification using XRDS discovery

* Don't allow unencrypted secret exchange unless operating with
  transport layer encryption
specs mailing list

Re: OpenID Trusted Authentication Extension

2007-08-27 Thread David Fuelling

Have a look at OAuth (  I think it's
currently a private google group, but it seems like you've given a lot of
thought to this type of thing, so I'm sure the group owners would welcome
your input.  There's a lot of activity going on over there.


On 8/26/07, John Ehn [EMAIL PROTECTED] wrote:

 I have created a draft of a new specification that I think will help to
 fill a gap in OpenID functionality.

 What appears to be a newer productivity feature of many websites is the
 ability to import and utilize information from other sites.  For instance,
 Basecamp provides an API that allows other systems to access user data.
 This is a great feature, but it currently cannot be done with OpenID, due to
 the dependence on end-user interaction during the authentication process.

 The Trusted Authentication Extension provides for the ability for an
 OpenID Consumer to log in to another OpenID Consumer without user
 interaction.  The end user will be able to create a trusted connection
 between two OpenID enabled sites, which will allow a client site to access a
 destination site using the end user's Identity.

 Please provide your comments and feedback, as they are most appreciated.

 Thank you,

 John Ehn
