Re: [OpenID] Announce: OpenID Authentication Draft 12 (finally)

2007-08-28 Thread Rowan Kerr
On 28-Aug-07, at 6:11 PM, Johnny Bufu wrote:
 On 27-Aug-07, at 7:05 PM, Peter Williams wrote:
 A. fragment identifiers on user input are to be removed. Do not  
 the separator.

 Good thing we didn't call it final just yet. In my mind the separator
 was part of the fragment, but re-reading the URI RFC it clearly is
 not and you are right.

So, RFC3986 says the # should be left as part of the URL?
Apache logs indicate that user agents (or Apache) behave otherwise.

specs mailing list

Re: OpenID Trusted Authentication Extension

2007-08-28 Thread Chris Messina
Hi John,

Looks like there's some consensus around OAuth... ;)

I helped to get OAuth off the ground to solve the very problem that
you're looking to solve -- in our case, enabling Ma.gnolia OpenID
users to use Dashboard Widgets and Twitter API users to authenticate
their apps, eventually using OpenID.

While I appreciate your work on an OpenID-specific extension, I think
there's some legitimacy in looking at a solution that works generally
regardless of the authentication mechanism. By decoupling OpenID and
OAuth, the goal was to make it easier to adopt OAuth first and then
lead into adopting OpenID.

In the case of your spec, which seems like a good piece of work,
there'd be no sense in supporting the extension without supporting
OpenID and as such, has limited benefit in the wild for implementors.
With OAuth, if we're able to get folks like AOL, Google, Yahoo and
others to support it, the amount of effort necessary to support all of
them becomes the same amount of work to support one.

Anyway, I'm glad to see you on the OAuth list. Feel free to poke
around; we're looking to put out a 0.9 Draft and have it implemented
over the course of September in libraries and then release finally a
1.0 Oct 1.



On 8/27/07, David Fuelling [EMAIL PROTECTED] wrote:

 Have a look at OAuth
 (  I think it's
 currently a private Google group, but it seems like you've given a lot of
 thought to this type of thing, so I'm sure the group owners would welcome
 your input.  There's a lot of activity going on over there.


 On 8/26/07, John Ehn [EMAIL PROTECTED] wrote:
  I have created a draft of a new specification that I think will help to
 fill a gap in OpenID functionality.
  What appears to be a newer productivity feature of many websites is the
 ability to import and utilize information from other sites.  For instance,
 Basecamp provides an API that allows other systems to access user data.
 This is a great feature, but it currently cannot be done with OpenID, due to
 the dependence on end-user interaction during the authentication process.
  The Trusted Authentication Extension provides for the ability for an
 OpenID Consumer to log in to another OpenID Consumer without user
 interaction.  The end user will be able to create a trusted connection
 between two OpenID enabled sites, which will allow a client site to access a
 destination site using the end user's Identity.
  Please provide your comments and feedback, as they are most appreciated.
  Thank you,
  John Ehn

Chris Messina
Citizen Provocateur 
  Open Source Advocate-at-Large
Cell: 412 225-1051
Skype: factoryjoe
This email is:   [ ] bloggable   [X] ask first   [ ] private