RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
Thanks, definitely am! Just catching up on a lot of email now. --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Friday, July 13, 2007 11:05 AM To: Recordon, David Cc: specs@openid.net Subject: Re: OpenID Provider Authentication Policy Extension David

RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
versus not using any policies. 4) Yeah. Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hans Granqvist Sent: Friday, June 22, 2007 3:50 PM To: Recordon, David Cc: specs@openid.net Subject: Re: OpenID Provider Authentication Policy

RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
long ago the user authenticated within the session. 2) I'm fine with time coming back instead of number of seconds. 3) Changed to integer. Thanks, --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Thursday, June 28, 2007 7:31 PM To: Recordon, David Cc: specs

FW: Identifier Lifetime (WAS: RE: [OpenID] Recycling OpenIDs)

2007-07-08 Thread Recordon, David
Just food for thought some day... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Prodromou Sent: Monday, June 11, 2007 5:31 AM To: openid-general Subject: Re: [OpenID] Recycling OpenIDs On Sat, 2007-09-06 at 09:47 -0400, Evan Prodromou wrote: If

RE: Writeup of XRDS Canonical ID verification for URLs and XRIs

2007-06-14 Thread Recordon, David
That new wording for the Yadis bit looks good to me! -Original Message- From: =drummond.reed [mailto:[EMAIL PROTECTED] Sent: Thursday, June 14, 2007 4:49 PM To: 'Johnny Bufu' Cc: specs@openid.net; Recordon, David Subject: RE: Writeup of XRDS Canonical ID verification for URLs and XRIs

RE: No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Recordon, David
just not sure if there really is more or less complexity from this standpoint between the two approaches. --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Friday, June 08, 2007 10:15 AM To: Recordon, David Cc: specs@openid.net Subject: Re: No New DB Field

No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Recordon, David
I'm confused as to why a RP having to not create a new DB field is a requirement when looking to solve this problem. RP's implementations already need to change to upgrade from 1.1 to 2.0 and this has never been a requirement in the past. It certainly is nice that storage changes wouldn't be

RE: Questions about IIW Identifier Recycling Table

2007-06-08 Thread Recordon, David
The difference I see is that the current secrets can be renegotiated. If we're working with non-public fragments then they cannot be. If we're working with public fragments, then I'm less concerned. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

Do We Agree on the Problem We're Trying to Solve?

2007-06-08 Thread Recordon, David
I'm not sure if we all think we're trying to solve the same problem. The two problems that have been discussed are: A) Identifier recycling normally in large user-base deployments. i.e. insert big company needs a way to give 'TheBestUsernameEver' to a new user if it has not been used in some

RE: The CanonicalID Approach

2007-06-08 Thread Recordon, David
Will have to ask Drummond his thoughts on how fragments would be used, since this morning it isn't clear to me. --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Friday, June 08, 2007 10:42 AM To: Recordon, David Cc: specs@openid.net Subject: Re: The CanonicalID

RE: Do We Agree on the Problem We're Trying to Solve?

2007-06-08 Thread Recordon, David
Cc: Recordon, David; specs@openid.net Subject: Re: Do We Agree on the Problem We're Trying to Solve? I would suggest that any solution to B is also very likely a solution to A. Anybody disagree? If so, I'd suggest that we should either solve A and B at the same time, or not at all. On Jun

RE: The CanonicalID Approach

2007-06-08 Thread Recordon, David
Atkins Sent: Friday, June 08, 2007 1:42 PM Cc: specs@openid.net Subject: Re: The CanonicalID Approach Josh Hoyt wrote: On 6/7/07, Recordon, David [EMAIL PROTECTED] wrote: What I'd like to markup is that my three reassignable identifiers so that they all use my LiveJournal userid URL

RE: Do We Agree on the Problem We're Trying to Solve?

2007-06-08 Thread Recordon, David
I don't see how it requires a centralized registry, if I choose to trust that LiveJournal, or some ugly URL from AOL, etc will never go away then that is my choice. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt Sent: Friday, June 08,

The CanonicalID Approach

2007-06-07 Thread Recordon, David
So sitting up here in Seattle with Drummond and we're chatting about the Canonical ID approach to the identifier recycling and losing problem. What I describe below is an example which shows four identifiers that I use daily, one of them being persistent and that I know will never be reassigned.

The WordPress User Problem (WAS: RE: Specifying identifier recycling)

2007-06-05 Thread Recordon, David
- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Sunday, June 03, 2007 6:35 PM To: Recordon, David Cc: Johannes Ernst; OpenID specs list Subject: Re: Specifying identifier recycling On 3-Jun-07, at 1:46 AM, Recordon, David wrote: I thought at IIW we agreed that if we could come to quick consensus

RE: Auth 2.0 Extensions: Namespace Prefixes

2007-06-05 Thread Recordon, David
Since it seems no one has replied yet, I'd agree that this would make implementations easier. Iterating via a regular expression seems ugly and hard to do (well except in Perl). :-\ --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins

RE: The WordPress User Problem (WAS: RE: Specifying identifier recycling)

2007-06-05 Thread Recordon, David
at the pretty one. I know I need to write this up more... --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 3:18 PM To: Recordon, David Cc: Josh Hoyt; Johannes Ernst; OpenID specs list Subject: Re: The WordPress User Problem (WAS: RE: Specifying

RE: The WordPress User Problem (WAS: RE: Specifying identifier recycling)

2007-06-05 Thread Recordon, David
Yes, I think this would be worthwhile to write-up. --David -Original Message- From: =drummond.reed [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:55 PM To: Recordon, David; 'Johnny Bufu' Cc: 'OpenID specs list' Subject: RE: The WordPress User Problem (WAS: RE: Specifying

RE: Specifying identifier recycling

2007-06-03 Thread Recordon, David
PM To: Recordon, David Cc: Johannes Ernst; OpenID specs list Subject: Re: Specifying identifier recycling On 2-Jun-07, at 5:14 PM, Recordon, David wrote: I'd like to see this written as an extension so that if the first approach doesn't work, the Auth spec itself doesn't have to be reverted

RE: Specifying identifier recycling

2007-06-02 Thread Recordon, David
Overall, I'm not sure we are ready in this community to pick one alternative over another as the standards. I have my views, (many) others have (many) others -- and I don't think that any of this has to be in an Authentication 1.x (x1) or 2.0 spec, whatever it will be. This seems like a clean

RE: Specifying identifier recycling

2007-06-01 Thread Recordon, David
Just for reference, this draft spec takes a look at key discovery for OpenID URLs. http://openid.net/specs/openid-service-key-discovery-1_0-01.html --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johannes Ernst Sent: Friday, June 01, 2007 1:40 PM

RE: Review of Yadis section in XRI Resolution 2.0 WD11

2007-05-31 Thread Recordon, David
Hi Drummond, I'd recommend adding a section which pulls together the HEAD and GET methods and describes how they'd be used in conjunction. Also explicitly pointing out that a URL hosting a XRDS document only is required to implement one or more of the discovery mechanisms whereas a service

RE: Realm spoofing spec patch

2007-05-24 Thread Recordon, David
Hey Josh, Thanks for writing this up! I'm a bit confused by the number of SHOULDs in this patch. +Relying Parties SHOULD use the Yadis protocol to publish their +valid return_to URLs. The relying party MAY publish this +information at any URL, and SHOULD publish it under

RE: Final outstanding issues with the OpenID 2.0 Authentication specification

2007-05-18 Thread Recordon, David
Please no talk of OpenID 3! If anything, 2.1 or the next version. :) Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Thursday, May 17, 2007 2:05 PM To: Alaric Dailey Cc: OpenID specs list Subject: Re: Final outstanding

RE: Final outstanding issues with the OpenID 2.0 Authentication specification

2007-05-18 Thread Recordon, David
Hey Dmitry, When using Yadis you're able to advertise if you're speaking OpenID 1.1 or 2.0 and thus the RP knows which version of the protocol the request should be made in. When using HTML-Based Discovery this is not possible unless the attributes are renamed or a third version tag is added which

RE: RFC: Final outstanding issues with the OpenID 2.0 Authentication specification

2007-05-18 Thread Recordon, David
Hey Don, Certainly not alone, though I think what we really need to dig into is if the spec is actually more complex from a feature perspective or because it is much more verbose and adds clarity over 1.1. Splitting discovery into a separate spec I think will also help in the document being less

RE: RFC: Final outstanding issues with the OpenID 2.0 Authentication specification

2007-05-18 Thread Recordon, David
Hi Dmitry, I don't think the solution is to simply denounce OpenID 2.0, but that will rather only make it worse. Rather I'd invite you to continue these productive conversations to see if the issues can be resolved. I think it would be unfortunate for anyone to just give up. --David

Wiki Login Fixed

2007-05-01 Thread Recordon, David
Thanks to Jonathan from JanRain, you can now login to the wiki again! --David

RE: axschema.org instead of openid.net

2007-04-20 Thread Recordon, David
Sounds good! --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dick Hardt Sent: Friday, April 20, 2007 12:46 PM To: OpenID specs list Subject: axschema.org instead of openid.net Thanks everyone for feedback on using schema.openid.net. Here are my

Re: PROPOSAL schema.openid.net for AX (and other extensions)

2007-04-09 Thread Recordon, David
Hey Brian. Just to clarify, I don't think there is disagreement that this should be discussed here. Rather the question is if discussion should be around creating a new schema on openid.net or rather looking at using an existing one such as ldap.com that Mark posted about? Ie, discussion

RE: PROPOSAL schema.openid.net for AX (and other extensions)

2007-04-09 Thread Recordon, David
Yes, I agree an upgrade path from SREG is needed. We could however do something as simple as http://openid.net/specs/openid-simple-registration-extension-1_0.html#nickname for the existing SREG fields. For new fields, is there a reason we can't use the ldap.com URLs Mark posted as a starting

Re: PROPOSAL schema.openid.net for AX (and other extensions)

2007-04-09 Thread Recordon, David
: Monday, April 09, 2007 07:12 PM Pacific Standard Time To: Recordon, David Cc: James Walker; Martin Atkins; Mark Wahl; OpenID specs list Subject: Re: PROPOSAL schema.openid.net for AX (and other extensions) On 9-Apr-07, at 5:24 PM, Recordon, David wrote: For new fields

Re: SREG namespace URI rollback

2007-04-08 Thread Recordon, David
I'm fine with keeping it 1.0 as Josh proposed. --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Saturday, April 07, 2007 09:38 PM Pacific Standard Time To: Recordon, David Cc: Josh Hoyt; OpenID specs list Subject: Re: SREG namespace URI

RE: PROPOSAL schema.openid.net for AX (and other extensions)

2007-04-06 Thread Recordon, David
when the entire community comes together. I would really like to see this be something that can be used by OpenID, CardSpace, Higgins, SAML, etc. --David -Original Message- From: Dick Hardt [mailto:[EMAIL PROTECTED] Sent: Friday, April 06, 2007 1:07 PM To: Recordon, David Cc: OpenID

RE: PROPOSAL schema.openid.net for AX (and other extensions)

2007-04-06 Thread Recordon, David
To: Recordon, David Cc: OpenID specs list; Paul Trevithick; Mark Wahl Subject: Re: PROPOSAL schema.openid.net for AX (and other extensions) The work is not rooted in openid.net. We are starting there. We can easily point those definitions somewhere else later, but we need somewhere to start. Given

RE: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Recordon, David
PROTECTED] Sent: Thursday, April 05, 2007 8:00 AM To: Drummond Reed Cc: Recordon, David; 'Johnny Bufu'; 'OpenID specs list' Subject: Re: Moving AX Forward (WAS RE: SREG namespace URI rollback) Doing the work in the ID Schemas project was a good idea 3 months ago and 6 months ago. So far not much

RE: Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-05 Thread Recordon, David
] Sent: Thursday, April 05, 2007 8:27 AM To: Recordon, David Cc: Johnny Bufu; OpenID specs list Subject: Re: Moving AX Forward (WAS RE: SREG namespace URI rollback) On 4-Apr-07, at 1:16 PM, Recordon, David wrote: Johnny, I see a lot of, at least my initial confusion, coming from there being

RE: SREG namespace URI rollback

2007-04-04 Thread Recordon, David
just been shoved down my throat over the past six months. --David -Original Message- From: Dick Hardt [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 03, 2007 10:00 PM To: Recordon, David Cc: Josh Hoyt; OpenID specs list Subject: Re: SREG namespace URI rollback I can see an OP thinking

Moving AX Forward (WAS RE: SREG namespace URI rollback)

2007-04-04 Thread Recordon, David
:[EMAIL PROTECTED] Sent: Wednesday, April 04, 2007 12:09 PM To: Recordon, David Cc: Dick Hardt; OpenID specs list Subject: Re: SREG namespace URI rollback David, On 4-Apr-07, at 11:43 AM, Recordon, David wrote: - Cleanup the newly merged http://openid.net/specs/openid-attribute-exchange-1_0-04.html

RE: Promoting OpenID

2007-04-03 Thread Recordon, David
People might be, though nothing real formal that I personally know of. You volunteering? :P --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of McGovern, James F (HTSC, IT) Sent: Monday, April 02, 2007 8:15 AM To: specs@openid.net Subject: Promoting

RE: SREG namespace URI rollback

2007-04-02 Thread Recordon, David
Sure, though I think there has also been a desire to do a bit of an actual rev to SREG to be more of a 1.1 version in terms of either explicitly supporting additional fields (such as avatar) or allowing field names to be URIs themselves versus a hard-coded list of properties. --David

RE: Proposal for Modularizing Auth 2.0 Discovery

2007-03-02 Thread Recordon, David
I agree. I think it is great having a way for people to easily propose new identifier formats and even use them within their own implementations. There does however need to be some sort of community review process before new identifiers are added to OpenID in a public fashion. --David

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
+1, I'm fully in support of this and actually have been wanting to do so for quite a number of weeks now! --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, February 28, 2007 10:44 AM To: specs@openid.net Subject:

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
Well there already is the Yadis spec. Maybe the Yadis spec remains separate versus becoming part of the OASIS XRI Resolution document? --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, February 28, 2007 11:59 AM To:

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
XRDS schema. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, February 28, 2007 12:17 PM Cc: specs@openid.net Subject: Re: Modularizing Auth 2.0 Discovery Recordon, David wrote: Well there already is the Yadis spec

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
I'd be happy with either approach. One spec with a section on each type or separate specs for each. I think small separate specs are slightly harder to comprehend, though make it easier for things like the SMTP extension to develop. --David -Original Message- From: [EMAIL PROTECTED]

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
in total. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Wednesday, February 28, 2007 12:27 PM To: specs@openid.net Subject: Re: Modularizing Auth 2.0 Discovery Recordon, David wrote: Works for me, one thing though is the Yadis

RE: Modularizing Auth 2.0 Discovery

2007-02-28 Thread Recordon, David
: rob [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 28, 2007 1:03 PM To: Recordon, David Cc: Martin Atkins; specs@openid.net Subject: Re: Modularizing Auth 2.0 Discovery Recordon, David wrote: I think I'd lean toward swallowing Yadis in as a part of this spec so it is one fewer documents

RE: Proposal: An anti-phishing compromise

2007-02-08 Thread Recordon, David
Maybe laws are meant to be broken. I don't see why a RP knowing that I used a token as a second factor is a bad thing. If nothing else, the technology should support the OP providing that information and the OP's implementation can let me as the user decide if I want to. Just like the trust

RE: Proposal: An anti-phishing compromise

2007-02-08 Thread Recordon, David
I agree that things like age should be in an extension, though I think this single piece of data is useful in the core protocol. I'm sure the exact definition of phishing resistant will come back to bite us sometime in the future, but let's deal with it then instead of not adding anything now.

RE: Proposal: An anti-phishing compromise

2007-02-08 Thread Recordon, David
a better OP. An OP lying only hurts its users. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claus Färber Sent: Friday, February 02, 2007 5:01 AM To: specs@openid.net Subject: Re: Proposal: An anti-phishing compromise Recordon, David [EMAIL

RE: Proposal: An anti-phishing compromise

2007-02-01 Thread Recordon, David
I'm in support of this idea. I think a single parameter in the OP's response will pave the path to integrate solutions to the phishing problem and scales up to the AQE extension as it is re-worked. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: Proposal: An anti-phishing compromise

2007-02-01 Thread Recordon, David
I think we all agree that talking about the method used is far more useful, though with this proposal we're really trying to balance it with simplicity in the authentication protocol itself. Maybe it is better to phrase the discussion around if the user provided a secret (password) to the OP or

RE: DRAFT 11 - FINAL?

2007-01-31 Thread Recordon, David
I'm happy changing it from AJAX. I think it was originally used since AJAX is a bit overloaded already and people normally understand the flashy non-reloading sort of thing when saying it. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rowan

RE: Tiny RDF Schema at openid.net?

2007-01-30 Thread Recordon, David
: Monday, January 29, 2007 10:13 AM To: Recordon, David; Scott Kveton; specs@openid.net Cc: [EMAIL PROTECTED] Subject: RE: Tiny RDF Schema at openid.net? On 29.01.2007 07:53:15, Recordon, David wrote: I'd be happy to do it; I think we were talking about using xmlns.openid.net/foo as a format. Awesome

RE: OpenID Auth 2.0 security considerations

2007-01-30 Thread Recordon, David
Is there a wiki page that exists to point to? Josh and Johnny, see any issues with this? Also any wording to propose Johannes? Thanks, --David -Original Message- From: Johannes Ernst [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 23, 2007 12:57 PM To: Recordon, David Cc: specs

RE: DRAFT 11 - FINAL?

2007-01-30 Thread Recordon, David
Yeah, I'm not a big fan of openid2.* though it was the simplest method of fixing up HTML discovery to work with multiple protocol versions. I know Josh thought about this more than I did though. From what I've seen people do, it is AJAX between your server and application, then OpenID's

RE: OpenID Auth 2.0 security considerations

2007-01-23 Thread Recordon, David
I don't see a problem with that. Would you propose the majority of the security considerations section in the current draft be moved to the wiki? What would be the balance between spec and wiki page? --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: 2.0 Spec Questions

2007-01-23 Thread Recordon, David
James, for 3 have you looked at http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html? I don't think it addresses the specific point you brought up, though may be the right place to do it. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [OpenID] CROSS POSTING :-(

2007-01-22 Thread Recordon, David
I'd have to agree. I realize I am guilty for the start of this thread announcing the new spec draft, though am hoping we can move this discussion to [EMAIL PROTECTED] if that works for people. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: Announcing OpenID Authentication 2.0 - Implementor's Draft 11

2007-01-19 Thread Recordon, David
Authentication (David Recordon, Josh Hoyt, Dick Hardt, and Brad Fitzpatrick) oversee this process and make the final determination of when a proposal has matured. -- Dick On 18-Jan-07, at 7:35 PM, Recordon, David wrote: So with great pleasure I get to announce the culmination of about nine months

RE: DRAFT 11 - FINAL?

2007-01-18 Thread Recordon, David
Considering draft 11 hasn't been published yet, I don't see how we can make it final at this point. In addition, the file you link to is a few patches old. While I appreciate your enthusiasm, Josh, Johnny, and I do have a process to this madness. I know you know that we're really close, there

Announcing OpenID Authentication 2.0 - Implementor's Draft 11

2007-01-18 Thread Recordon, David
So with great pleasure I get to announce the culmination of about nine months of work between the OpenID, XRI, Sxip, and LID communities in the drafting of OpenID Authentication 2.0. This evening the editors have published the final draft of the spec, which we now feel is in a solid state for

RE: Identity Based Encryption

2007-01-08 Thread Recordon, David
Hi James, There has been some discussion, though normally around DTP http://openid.net/specs/openid-service-key-discovery-1_0-01.html, http://openid.net/specs/openid-dtp-messages-1_0-03.html, http://openid.net/pipermail/specs/2007-January/001104.html. --David -Original Message- From:

RE: OpenID.net Service Type Namespaces

2007-01-05 Thread Recordon, David
:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 1:07 PM To: Recordon, David Cc: Drummond Reed; specs@openid.net Subject: Re: OpenID.net Service Type Namespaces I get the hostname aspect for another namespace. w3c[1] uses: http://www.w3.org/ns/sss http://www.w3.org//MM/

RE: Key Discovery In DTP Draft 3

2007-01-05 Thread Recordon, David
: Friday, January 05, 2007 8:31 AM To: Recordon, David Cc: Carl Howells; specs@openid.net Subject: Re: Key Discovery In DTP Draft 3 On 1/4/07, Recordon, David [EMAIL PROTECTED] wrote: Hey guys, Was looking at http://openid.net/specs/openid-service-key-discovery-1_0-01.html tonight and curious why

RE: [OpenID] Temporarily redirecting one's identity?

2007-01-04 Thread Recordon, David
I like this idea of using 307, though haven't thought through all the repercussions of doing so. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Thursday, January 04, 2007 11:27 AM To: [EMAIL PROTECTED] Subject: Re: [OpenID]

Key Discovery In DTP Draft 3

2007-01-04 Thread Recordon, David
Hey guys, Was looking at http://openid.net/specs/openid-service-key-discovery-1_0-01.html tonight and curious why the decision was made to define the <PublicKey /> element which contains a link to the RSA key or X.509 certificate versus embedding the key in the XRDS file? From the research I've

RE: Key Discovery In DTP Draft 3

2007-01-04 Thread Recordon, David
... </ds:KeyInfo> </Service> Thus it makes it easy for existing Yadis libraries to pick the key out by the Type element. --David -Original Message- From: Drummond Reed [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 10:23 PM To: Recordon, David; 'Carl Howells'; 'Grant Monroe' Cc: specs

RE: SREG in Yadis

2007-01-04 Thread Recordon, David
PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Recordon, David Sent: Wednesday, January 03, 2007 9:45 PM To: specs@openid.net Subject: SREG in Yadis Seems the 1.0 SREG spec doesn't mention advertising support in your Yadis file. With the 1.1 draft, seems like this should be mentioned. Anyone

RE: [OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman an OpenID?

2007-01-03 Thread Recordon, David
My guess is that when a normal HTTP fetch is performed against http://xri.net/=bobwyman, the proxy resolver expects you to be in a browser and thus issues a 302 Redirect to your contact page. One option is if the iBrokers (is it iBroker or i-broker?) included Yadis on each contact page. This

SREG in Yadis

2007-01-03 Thread Recordon, David
Seems the 1.0 SREG spec doesn't mention advertising support in your Yadis file. With the 1.1 draft, seems like this should be mentioned. Anyone against the Type being "http://openid.net/extensions/sreg/1.1" which is what the proposed openid.ns.sreg field value is?

RE: [OpenID] Dumb Question: Why isn't http://xri.net/=bobwyman an OpenID?

2007-01-03 Thread Recordon, David
http://xri.net/=" and then extracts =bobwyman 3) RP constructs Yadis fetch on http://xri.net/=bobwyman for proxy resolution of the i-name =bobwyman --David -Original Message- From: Drummond Reed [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 03, 2007 11:26 PM To: Recordon, David; 'Bob

RE: Questions on Protocol

2007-01-02 Thread Recordon, David
That sounds great to me! I like the model of starting here and growing as needed. :) --David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johannes Ernst Sent: Tuesday, January 02, 2007 10:12 AM To: McGovern, James F ((HTSC, IT)) Cc:

RE: Consistency of negative responses to checkid_immediate requests

2006-12-27 Thread Recordon, David
I think using cancel would add consistency between the modes, any reason I'm not seeing why it is a bad choice? --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Tuesday, December 26, 2006 4:17 PM To: Johnny Bufu Cc: Martin Atkins;

RE: OpenID Exchange

2006-12-14 Thread Recordon, David
Awesome, glad to see this! Would be great as Johannes said to see some flow examples and how you'd see it integrate to do something like exchange profile data or post a photo on your blog. Would love to see this formalized and happy to help however I can! --David -Original Message-

Re: OpenID IPR Policy Draft

2006-12-07 Thread Recordon, David
To: Recordon, David Cc: [EMAIL PROTECTED]; specs@openid.net Subject: Re: OpenID IPR Policy Draft This is normally lawyer work. I recommend the companies individuals invested in OpenID immediately turn this exercise over to your legal counsel to ensure your interests--and the interests

OpenID IPR Policy Draft

2006-12-06 Thread Recordon, David
Hey guys, Been working with Gabe, and others, on starting to draft an IPR Policy for OpenID specifications. We'd appreciate feedback in terms of if what is written captures the correct intent of the community? We realize the language isn't technically as tight as it needs to be, though first

RE: OpenID Simple Registration 1.1 - Draft 1

2006-12-06 Thread Recordon, David
Done, commit 172. --David -Original Message- From: Jonathan Daugherty [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 06, 2006 1:41 PM To: Recordon, David Cc: specs@openid.net Subject: Re: OpenID Simple Registration 1.1 - Draft 1 # Please review and +1 or -1 for final draft. Only

RE: Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-03 Thread Recordon, David
something could be included. :-\ Also pulling general@ off this thread. --David -Original Message- From: Avery Glasser [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 8:35 PM To: [EMAIL PROTECTED] Cc: Recordon, David; specs@openid.net; [EMAIL PROTECTED] Subject: RE: Re: [OpenID

RE: OpenID Assertion Quality Extension - Draft

2006-11-29 Thread Recordon, David
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Recordon, David Sent: Wednesday, November 29, 2006 9:46 AM To: specs@openid.net Cc: [EMAIL PROTECTED] Subject: OpenID Assertion Quality Extension - Draft So this is the first public draft of the extension that Avery, Paul, and I have been

OP Identifier vs. OP-Specific Identifier

2006-11-19 Thread Recordon, David
So I'm working on cleaning up the terminology section with edits from Drummond. On first read I had no idea what the difference between OP Identifier and OP-Specific Identifier were. Now that my brain has kicked in I do, but I have the feeling this is going to be really confusing for others

RE: Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)

2006-11-13 Thread Recordon, David
I'm not sure if it would necessarily be thrown away, I guess it is really up to the IdP. With two identifiers, it is pretty easy to pass to the IdP and let it decide what it wants to do. 1) I enter [EMAIL PROTECTED] as my identifier on the RP 2) RP does discovery on recordon.name and finds my

RE: OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)

2006-11-13 Thread Recordon, David
Hey Adam, Thanks for the insight! I know, as Dick described, there was a design decision made in terms of enabling payloads larger than 2Kb within OpenID Authentication requests and responses. With that said, there are other approaches, such as using GET requests and including a token to

RE: Went Through it With Brad

2006-11-13 Thread Recordon, David
] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Monday, November 13, 2006 4:15 PM To: Recordon, David Cc: specs@openid.net Subject: Re: Went Through it With Brad On 11/8/06, Recordon, David [EMAIL PROTECTED] wrote: 2) 7.3.3 basically deprecates HTML-based discovery, saying that it is a way

RE: OpenID.net Service Type Namespaces

2006-11-07 Thread Recordon, David
, 2006 11:56 AM To: 'Dick Hardt'; Recordon, David Cc: specs@openid.net Subject: RE: OpenID.net Service Type Namespaces My understanding is that the concern is with potential conflicts in the actual functioning of openid.net. Creating a clean DNS namespace for specs at specs.openid.net does seem like

RE: IdP's Advertising Both http and https

2006-11-07 Thread Recordon, David
Moving this to the list, I really should have started it there in the first place. --David -Original Message- From: Recordon, David Sent: Monday, November 06, 2006 2:06 PM To: 'Dick Hardt'; Josh Hoyt Subject: RE: IdP's Advertising Both http and https Hey Dick, But the security warnings

RE: OpenID Authentication 2.0 Pre-Draft 11 (Take 2)

2006-11-07 Thread Recordon, David
Thanks! I remember you mentioning that before though I missed it. Revision 93 corrects it. Thanks, --David -Original Message- From: Johannes Berg [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 2:07 PM To: Recordon, David Subject: Re: OpenID Authentication 2.0 Pre-Draft 11

Making return_to Optional

2006-11-06 Thread Recordon, David
From the call last week and the proposal at http://openid.net/pipermail/specs/2006-October/000430.html, return_to is not an optional parameter in the authentication request. The idea being that a RP not sending it signals the IdP to not redirect the user back; rather an extension will be doing

IdP vs OP (WAS: RE: Editors Conference Call)

2006-11-06 Thread Recordon, David
I see both sides of this discussion. I think John is correct that the role of an OP really is not that different than that of SAML's IdP. The difference comes down to the trust model. I certainly think reputation networks will exist which rate OPs, RPs, users, etc and will ultimately be needed

RE: Making return_to Optional

2006-11-06 Thread Recordon, David
Yep... -Original Message- From: Drummond Reed [mailto:[EMAIL PROTECTED] Sent: Monday, November 06, 2006 7:54 PM To: Recordon, David; specs@openid.net Subject: RE: Making return_to Optional David, in the message below, I assume you meant to say return_to is NOW an optional parameter

RE: Making identities persistent?

2006-11-01 Thread Recordon, David
Pete, While the transaction with the IdP is about the derived identifier (sort of like that term actually), the RP uses the delegated identifier when referencing the user. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Rowley Sent:

Editors Conference Call

2006-10-30 Thread Recordon, David
This morning Dick, Josh, and I got on Skype for 2.5 hours to try and hash through all the remaining proposals. Unfortunately Brad couldn't join us, though I did talk to him about some of this stuff as well beforehand. - Authentication Age will be developed as an extension due to questions

RE: [security] [PROPOSAL] Adding More Color Around SSL Use

2006-10-27 Thread Recordon, David
This has now been checked in. http://openid.net/svn/listing.php?repname=specificationspath=%2Frev=73 sc=1 --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Recordon, David Sent: Thursday, October 26, 2006 1:48 PM To: [EMAIL PROTECTED]; specs

[PROPOSAL] Adding More Color Around SSL Use

2006-10-26 Thread Recordon, David
I'm planning to check in the following patch to the authentication spec later today unless anyone has STRONG objections. It says that SSL is not REQUIRED, though comes as close to saying that it is that I think we can. Josh, Mart, and I believe this is a good middle position to take on the

RE: Yet Another Delegation Thread

2006-10-24 Thread Recordon, David
What I wrote up doesn't allow a RP to have the information it needs to maintain state is my understanding. --David -Original Message- From: Dick Hardt [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 5:12 PM To: Recordon, David Cc: specs@openid.net Subject: Re: Yet Another

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-22 Thread Recordon, David
While I'd certainly agree that a goal is letting anyone set up an IdP and have it work on any RP, I see that as utopia. The protocol should certainly support that, as well as not do anything to actively thwart it. With that said, OpenID as a protocol can be used in cases where this may not be

RE: Two Identifiers - no caching advantage

2006-10-22 Thread Recordon, David
* Protocol has two distinct identifiers: public and IdP-local. Relying party manages delegation. IdP does not even know that the delegation has taken place and has no way to stop it happening [1]. RP now has to do more work, but identifier portability now comes for free. I'm much more in

RE: [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers

2006-10-20 Thread Recordon, David
Yes, potentially. It is a bit of a hybrid approach I guess. --David -Original Message- From: Jonathan Daugherty [mailto:[EMAIL PROTECTED] Sent: Friday, October 20, 2006 12:59 PM To: Recordon, David Cc: Drummond Reed; specs@openid.net Subject: Re: [PROPOSAL] Handle http://[EMAIL

Re: [PROPOSAL] Handle [EMAIL PROTECTED] For Discovery Only

2006-10-20 Thread Recordon, David
I guess I shouldn't have said http://[EMAIL PROTECTED]. All that is being suggested is the following language (on my Treo): If a string in the format of [EMAIL PROTECTED] at a RP, the RP MUST treat the domain after @ as the
