Re: No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Dick Hardt
It is more complex having to use two fields to uniquely identify a user in a DB than one. DB queries are more complex and there is more opportunity for the developer to make mistakes. Given a goal of OpenID is to be simple, one field is better than two. -- Dick On 8-Jun-07, at 10:14 AM,

RE: No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Recordon, David
Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table) On 8-Jun-07, at 10:02 AM, Recordon, David wrote: I'm confused as to why a RP having to not create a new DB field is a requirement when looking to solve this problem. RP's implementations already need to change to upgrade from

No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Recordon, David
@openid.net Subject: Re: Questions about IIW Identifier Recycling Table On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote: Over the last few days I've been thinking about your Identifier Recycling proposal[2], in addition to other proposals (Tokens, etc). Assuming I understand things correctly

Re: No New DB Field Requirement? (WAS: RE: Questions about IIW Identifier Recycling Table)

2007-06-08 Thread Johnny Bufu
On 8-Jun-07, at 10:02 AM, Recordon, David wrote: I'm confused as to why a RP having to not create a new DB field is a requirement when looking to solve this problem. RP's implementations already need to change to upgrade from 1.1 to 2.0 and this has never been a requirement in the past. It

RE: Questions about IIW Identifier Recycling Table

2007-06-08 Thread Recordon, David
Of Josh Hoyt Sent: Friday, June 08, 2007 10:29 AM To: [EMAIL PROTECTED] Cc: specs@openid.net Subject: Re: Questions about IIW Identifier Recycling Table On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote: If the token is publicly viewable, then losing it is not an issue. I do not share David's

Re: Questions about IIW Identifier Recycling Table

2007-06-08 Thread Josh Hoyt
On 6/8/07, Recordon, David [EMAIL PROTECTED] wrote: The difference I see is that the current secrets can be renegotiated. If we're working with non-public fragments then they cannot be. If we're working with public fragments, then I'm less concerned. I understand your concern, but I don't

Re: Questions about IIW Identifier Recycling Table

2007-06-08 Thread Josh Hoyt
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote: I'm not sure I understand what's public about this. If I understand it correctly, from the relying party's perspective, the user's account is keyed off of the pair of the identifier and the token. This sounds like URL + private token in

Re: Questions about IIW Identifier Recycling Table

2007-06-07 Thread Johnny Bufu
Hi David, The idea was to list as columns the things potentially affected by this change and important enough that we cared. In the end we chose 'URL + public fragment' as the one with the most check marks. See below my comments; maybe others can correct / fill in the gaps. On 5-Jun-07, at

Re: Questions about IIW Identifier Recycling Table

2007-06-07 Thread David Fuelling
Hey Johnny, Thanks for your clarifications and answers to my questions about [1]. Over the last few days I've been thinking about your Identifier Recycling proposal[2], in addition to other proposals (Tokens, etc). Assuming I understand things correctly, it seems as if a hybrid of the

Re: Questions about IIW Identifier Recycling Table

2007-06-07 Thread Josh Hoyt
On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote: Over the last few days I've been thinking about your Identifier Recycling proposal[2], in addition to other proposals (Tokens, etc). Assuming I understand things correctly, it seems as if a hybrid of the public/private token approach would

Re: Questions about IIW Identifier Recycling Table

2007-06-07 Thread David Fuelling
Hey Josh, Thanks for your message and great points. See my thoughts/questions inline. On 6/7/07, Josh Hoyt [EMAIL PROTECTED] wrote: On 6/7/07, David Fuelling [EMAIL PROTECTED] wrote: Over the last few days I've been thinking about your Identifier Recycling proposal[2], in addition to