On 6/8/07, Recordon, David <[EMAIL PROTECTED]> wrote:
> The difference I see is that the current secrets can be renegotiated.
> If we're working with non-public fragments then they cannot be. If
> we're working with public fragments, then I'm less concerned.
I understand your concern, but I don't
CTED] On
Behalf Of Josh Hoyt
Sent: Friday, June 08, 2007 10:29 AM
To: [EMAIL PROTECTED]
Cc: specs@openid.net
Subject: Re: Questions about IIW Identifier Recycling Table
On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
If the token is publically viewable, then losing it is not an issue. I
On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> > I'm not sure I understand what's "public" about this. If I understand
> > it correctly, from the relying party's perspective, the user's account
> > is keyed off of the pair of the identifier and the token. This sounds
> > like URL + private
It is more complex having to use two fields to uniquely identify a
user in a DB then one. DB queries are more complex and there is more
opportunity for the developer to make mistakes.
Given a goal of OpenID is to be simple, one field is better then two.
-- Dick
On 8-Jun-07, at 10:14 AM, John
w DB Field Requirement? (WAS: RE: Questions about IIW
Identifier Recycling Table)
On 8-Jun-07, at 10:02 AM, Recordon, David wrote:
> I'm confused as to why a RP having to not create a new DB field is a
> requirement when looking to solve this problem. RP's implementations
> alre
On 8-Jun-07, at 10:02 AM, Recordon, David wrote:
> I'm confused as to why a RP having to not create a new DB field is a
> requirement when looking to solve this problem. RP's implementations
> already need to change to upgrade from 1.1 to 2.0 and this has never
> been a requirement in the past.
PROTECTED]
Cc: specs@openid.net
Subject: Re: Questions about IIW Identifier Recycling Table
On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> Over the last few days I've been thinking about your Identifier
Recycling
> proposal[2], in addition to other proposals (Tokens,
Hey Josh,
Thanks for your message and great points. See my thoughts/questions inline.
On 6/7/07, Josh Hoyt < [EMAIL PROTECTED]> wrote:
On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> Over the last few days I've been thinking about your Identifier
Recycling
> proposal[2], in addition to
On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
> Over the last few days I've been thinking about your Identifier Recycling
> proposal[2], in addition to other proposals (Tokens, etc). Assuming I
> understand things correctly, it seems as if a hybrid of the public/private
> token approach wou
Hey Johnny,
Thanks for your clarifications and answers to my questions about [1].
Over the last few days I've been thinking about your Identifier Recycling
proposal[2], in addition to other proposals (Tokens, etc). Assuming I
understand things correctly, it seems as if a hybrid of the public/pr
Hi David,
The idea was to list as columns the things potentially affected by
this change and important enough that we cared. In the end we chose
'URL + public fragment' as the one with the most check marks.
See below my comments; maybe others can correct / fill in the gaps.
On 5-Jun-07, at 1
I wasn't at IIW, so please bear with me.
In reference to the wiki at
http://openid.net/wiki/index.php/IIW2007a/Identifier_Recycling, can somebody
clarify what some of the terminology means? Specific questions are below.
1.) For URL+Fragment, what is the distinction between "private" and
"public
12 matches
Mail list logo