Re: Identifier portability: the fundamental issue

2006-10-17 Thread Dick Hardt
On 16-Oct-06, at 12:24 PM, Martin Atkins wrote: Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be

Re: Identifier portability: the fundamental issue

2006-10-17 Thread Hans Granqvist
Drummond Reed wrote: I think you may have me mistaken for somebody else on the list (. . .) Double-blind anonymity in action? ;) -Hans

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Hans Granqvist
Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be using a multitude of possibly hostile RPs thereafter:

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Martin Atkins
Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be using a multitude of possibly hostile RPs

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Josh Hoyt
On 10/16/06, Marius Scurtescu [EMAIL PROTECTED] wrote: In this case you are better off opening a separate account with this or some other IdP. The current delegation model will not protect you at all. The delegate tag is in a publicly accessible Yadis document. I agree that anonymity is an

RE: Identifier portability: the fundamental issue

2006-10-16 Thread Drummond Reed
+1. Trust is not a boolean. Martin, that's very quotable. Can I attribute it to you? =Drummond

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Josh Hoyt
On 10/13/06, Drummond Reed [EMAIL PROTECTED] wrote: So whether it's in the spec formally or not, I don't really care. But the spec MUST contain details on the precautions a RP should take. Yup. (Got that, editors?) http://openid.net/specs/openid-authentication-2_0-10.html#anchor38 Josh

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Josh Hoyt
On 10/13/06, Chris Drake [EMAIL PROTECTED] wrote: DR CASE 1: the protocol supports only IdP-specific identifiers and no portable DR identifiers. DR RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1. Please explain? If I've got an OpenID URL (eg: my vanity domain),

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Martin Atkins
Brad Fitzpatrick wrote: Counter-argument: but OpenID 1.1 does have two parameters: one's just in the return_to URL and managed by the client library, arguably in its own ugly namespace (not IdP/RP managed, not openid., but something else... the Perl library uses oic. or something). So

RE: Identifier portability: the fundamental issue

2006-10-14 Thread Drummond Reed
Hi Drummond, DR CASE 1: the protocol supports only IdP-specific identifiers and no portable DR identifiers. DR RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1. Please explain? If I've got an OpenID URL (eg

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Johannes Ernst
On Oct 13, 2006, at 12:59, Drummond Reed wrote: Yesterday we established consensus that with OpenID, identifier portability is sacred. Could somebody please post a succinct definition of identifier portability somewhere. If we have a new religion, we might as well agree what it is ;-)

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Johannes Ernst
On Oct 13, 2006, at 12:59, Drummond Reed wrote: 1) If the RP sends the IdP-specific identifier, the RP must keep state to maintain mapping to the portable identifier (bad), and I agree, but I'm not sure that this is a big issue. Won't a simple cookie be sufficient? Johannes Ernst

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Granqvist, Hans
To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which the IdP knows the user (the IdP-specific

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Brad Fitzpatrick
On Fri, 13 Oct 2006, Granqvist, Hans wrote: To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Marius Scurtescu
On 13-Oct-06, at 12:59 PM, Drummond Reed wrote: Yesterday we established consensus that with OpenID, identifier portability is sacred. Today I'd like to establish consensus on the following postulate: To achieve identifier portability in OpenID, it MUST be possible for the RP and

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Hallam-Baker, Phillip
We must have different understandings of the term sacred then. My understanding of the term is that it refers to a tenet of faith which might cause offense if contradicted.

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Drummond Reed
Drummond wrote: To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which the IdP knows the user (the