Re: Final outstanding issues with the OpenID 2.0Authenticationspecification
David, On 18-May-07, at 11:09 AM, Recordon, David wrote: > Hey Marius, > Good point, committed a patch so please review! :) On 18-May-07, at 11:08 AM, [EMAIL PROTECTED] wrote: > + > + As discussed in the +target="compat_mode">OpenID Authentication 1.1 > +Compatibility mode section, these discovery tags > +are not the same as in previous versions of the protocol. > +While the same data is conveyed, the names have > changed which > +allows a Relying Party to determine the protocol version > +being used. A Relying Party MAY encounter a Claimed > Identifier > +which uses HTML-Based Discovery to advertise both > version 1.1 > +and 2.0 Providers. > + I believe we should make the above a bit more 'normative' for what the discovery elements should contain, rather than just warning RPs about what they MAY encounter. The qualifier for backwards compatibility is SHOULD / RECOMMENDED through the rest of the spec, so I propose we replace your text with: > For backwards compatibility, if supported by the OP, the HEAD > section of the document SHOULD also include OpenID 1.x discovery > elements: > > A tag with attributes "rel" set to "openid.server" and > "href" set to an OP Endpoint URL > A tag with attributes "rel" set to "openid.delegate" and > "href" set to the end user's OP-Local Identifier > > The protocol version when HTML discovery [...] an OpenID 1.x > endpoint is "http://openid.net/signon/1.1";. Johnny ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Final outstanding issues with the OpenID 2.0Authenticationspecification
On 18-May-07, at 11:09 AM, Recordon, David wrote: > Hey Marius, > Good point, committed a patch so please review! :) > http://openid.net/svn/diff.php?repname=specifications&path=% > 2Fauthentica > tion%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=325&sc=1 That was fast :-) Looks good, but I would add to that a sentence stating that you SHOULD put both sets of tags when editing HTML pages in order to be backwards compatible. Thanks, Marius > > Thanks, > --David > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Marius Scurtescu > Sent: Friday, May 18, 2007 10:48 AM > To: Dmitry Shechtman > Cc: 'OpenID specs list' > Subject: Re: Final outstanding issues with the OpenID > 2.0Authenticationspecification > > On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote: > >> 7.3.3. HTML-Based Discovery >> >> A tag MUST be included with attributes "rel" set to >> openid2.provider" >> and "href" set to an OP Endpoint URL >> >> A tag MAY be included with attributes "rel" set to >> "openid2.local_id" >> and "href" set to the end user's OP-Local Identifier >> >> >> Could somebody please enlighten me as to what's wrong with leaving >> those as "openid.server" and "openid.delegate" respectfully (i.e. >> backward-compatible)? > > The new attribute values are needed in order to signal an OpenID 2 > provider. > > But you bring up a good point, backwards compatibility can be easily > broken here. > > In order to be backwards compatible the HTML page should have two sets > of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing to > the > same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be able > to use > the HTML page. > > Probably the spec should say this in section 7.3.3 and give clear > instructions regarding OpenID 1.1 tags. > > Marius > > ___ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification
David, See, here's the problem. When I'm saying "productive conversations", I usually mean they yield something. Getting no replies or replies such as "it should be done the way that it's intended" is counterproductive. Everybody who finds my questions/suggestions stupid, please speak up. Regards, Dmitry =damnian ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Hey Marius, Good point, committed a patch so please review! :) http://openid.net/svn/diff.php?repname=specifications&path=%2Fauthentica tion%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=325&sc=1 Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marius Scurtescu Sent: Friday, May 18, 2007 10:48 AM To: Dmitry Shechtman Cc: 'OpenID specs list' Subject: Re: Final outstanding issues with the OpenID 2.0Authenticationspecification On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote: > 7.3.3. HTML-Based Discovery > > A tag MUST be included with attributes "rel" set to > openid2.provider" > and "href" set to an OP Endpoint URL > > A tag MAY be included with attributes "rel" set to > "openid2.local_id" > and "href" set to the end user's OP-Local Identifier > > > Could somebody please enlighten me as to what's wrong with leaving > those as "openid.server" and "openid.delegate" respectfully (i.e. > backward-compatible)? The new attribute values are needed in order to signal an OpenID 2 provider. But you bring up a good point, backwards compatibility can be easily broken here. In order to be backwards compatible the HTML page should have two sets of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing to the same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be able to use the HTML page. Probably the spec should say this in section 7.3.3 and give clear instructions regarding OpenID 1.1 tags. Marius ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification
Hi Dmitry, I don't think the solution is to "simple denounce OpenID 2.0", but that will rather only make it worse. Rather I'd invite you to continue these productive conversations to see if the issues can be resolved. I think it would be unfortunate for anyone to just give up. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitry Shechtman Sent: Friday, May 18, 2007 8:09 AM To: 'Don MacAskill'; 'OpenID specs list' Subject: RE: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification > As a relative newcomer to the OpenID community, I realize this may > have been debated endlessly already, and I may just be shouted down. It definitely has been debated endlessly. > Or am I alone here? No, you aren't. There are many who agree with this entirely, some of whom have expressed their opinion on the various OpenID lists, but at no avail. My suggestion at this point would be to simply denounce OpenID 2.0. Regards, Dmitry =damnian ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Hey Dmitry, When using Yadis you're able to advertise if you're speaking OpenID 1.1 or 2.0 and thus the RP know which version of the protocol the request should be made in. When using HTML-Based Discovery this is not possible unless the attributes are renamed or a third "version" tag is added which was not the preferred option. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitry Shechtman Sent: Friday, May 18, 2007 1:00 AM To: 'Josh Hoyt'; 'OpenID specs list' Subject: RE: Final outstanding issues with the OpenID 2.0Authenticationspecification 7.3.3. HTML-Based Discovery A tag MUST be included with attributes "rel" set to openid2.provider" and "href" set to an OP Endpoint URL A tag MAY be included with attributes "rel" set to "openid2.local_id" and "href" set to the end user's OP-Local Identifier Could somebody please enlighten me as to what's wrong with leaving those as "openid.server" and "openid.delegate" respectfully (i.e. backward-compatible)? Regards, Dmitry =damnian ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Please no talk of OpenID 3! If anything, 2.1 or the "next version". :) Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Thursday, May 17, 2007 2:05 PM To: Alaric Dailey Cc: OpenID specs list Subject: Re: Final outstanding issues with the OpenID 2.0Authenticationspecification On 5/17/07, Alaric Dailey <[EMAIL PROTECTED]> wrote: > I hate to be a PITA but these issues were brought up a while ago by > Eddy Nigg and Myself. I understand, but at that time, as now, I was trying to get the spec to be finished. We've been in something of an informal feature-freeze for a while. Perhaps we should have explicit feature-freezes. I'd suggest starting an OpenID 3 thread to talk about the features that you want to add. That way, you can start trying to convince people that your features should go in without having to battle with people like me who just want to have a stable spec release with the improvements that we already have. Josh ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification
I'm in support of doing this. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Thursday, May 17, 2007 1:40 PM To: Dmitry Shechtman Cc: OpenID specs list Subject: Re: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification On 5/17/07, Dmitry Shechtman <[EMAIL PROTECTED]> wrote: > "aside from XRI and Yadis"? XRI alone is twice as complex as OpenID 1.1! > > There has been a simplification suggestion floating around since long ago: > resolve i-names via http[s]://xri.net/. -1. If XRI is to be included, it should be done the way that it's intended. One possible solution that would address this problem as well as the unfinished XRI specification is to split out Yadis and XRI discovery out from the OpenID Authentication spec and into separate documents. That way, they could wait until the XRI specs are done and the OpenID spec will be shorter and easier to understand. Josh ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: RFC: Final outstanding issues with the OpenID 2.0Authenticationspecification
BTW, we (the XRI TC cochairs) finally (!) came to agreement at IIW to publish the current draft of the XRI Res spec as a citeable committee spec so the issue about XRI specs being in draft form and unciteable goes away. That is, we'll hold a TC vote on what has already been implemented by the openid community and call it XRI resolution 2.0 (which has been relatively stable, but not final, for a long time already). XRI Syntax 2.0 has been a committee spec for a long time now and has not changed. The agreement was, essentially, to output res 2.0 wd 11 (or thereabouts) as a committee spec rather than wait for further work on XRI. We've not formally presented this to the TC, but I am almost certain the TC will agree to this. It is my expectation that we'll complete this in roughly the same timeframe as the other work being completed in OpenID 2.0 (that is, on the order of weeks). -Gabe > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Josh Hoyt > Sent: Thursday, May 17, 2007 1:40 PM > To: Dmitry Shechtman > Cc: OpenID specs list > Subject: Re: RFC: Final outstanding issues with the OpenID > 2.0Authenticationspecification > > On 5/17/07, Dmitry Shechtman <[EMAIL PROTECTED]> wrote: > > "aside from XRI and Yadis"? XRI alone is twice as complex as OpenID 1.1! > > > > There has been a simplification suggestion floating around since long > ago: > > resolve i-names via http[s]://xri.net/. > > -1. If XRI is to be included, it should be done the way that it's > intended. One possible solution that would address this problem as > well as the unfinished XRI specification is to split out Yadis and XRI > discovery out from the OpenID Authentication spec and into separate > documents. That way, they could wait until the XRI specs are done and > the OpenID spec will be shorter and easier to understand. > > Josh > ___ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs