On 4-Oct-06, at 1:27 PM, Martin Atkins wrote:
> Dick Hardt wrote:
>>
>> The RP needs to resolve the identifier to check who is authorative
>> for it.
>>
>> If you create a mechanism for how to resolve who owns
>> "mailto:[EMAIL PROTECTED]", then it works.
>>
>> That functionality is needed to pre
Dick Hardt wrote:
>
> The RP needs to resolve the identifier to check who is authorative
> for it.
>
> If you create a mechanism for how to resolve who owns
> "mailto:[EMAIL PROTECTED]", then it works.
>
> That functionality is needed to prevent any IdP from being
> authoritative for an ar
On 4-Oct-06, at 10:52 AM, Martin Atkins wrote:
>
>>> And all you've achieved here is to hand your identifier over to
>>> Brad.
>>
>> Not at all! My IdP will only accept my credentials. If Brad pointed
>> his identifier to my IdP, he'd have handed it over to me, but
>> there is
>> no way that
>> And all you've achieved here is to hand your identifier over to Brad.
>
> Not at all! My IdP will only accept my credentials. If Brad pointed
> his identifier to my IdP, he'd have handed it over to me, but there is
> no way that he can use MY IdP even though it would make an assertion
> about
On 10/3/06, Martin Atkins <[EMAIL PROTECTED]> wrote:
> And all you've achieved here is to hand your identifier over to Brad.
Not at all! My IdP will only accept my credentials. If Brad pointed
his identifier to my IdP, he'd have handed it over to me, but there is
no way that he can use MY IdP even
>> Josh Hoyt wrote:
>>
>> An example to illustrate how delegation can make it hard to understand
>> what's going on:
>>
>> 1. Set up an IdP that will let me verify, say "bradfitz.com." This
>> does not mean that I have any control of bradfitz.com, just that if I
>> did, I could use this IdP.
>>
Josh Hoyt wrote:
>
> An example to illustrate how delegation can make it hard to understand
> what's going on:
>
> 1. Set up an IdP that will let me verify, say "bradfitz.com." This
> does not mean that I have any control of bradfitz.com, just that if I
> did, I could use this IdP.
>
> 2. Set up
On 3-Oct-06, at 7:11 PM, Drummond Reed wrote:
> Dick,
>
> I'm afraid we just disagree on this.
>
> You cite the Google definition, which is the general English-language
> meaning of the term.
which is what most people will know. The person editing the HTML page
to put in the delegate tag is no
o that problem?
Has anyone else on the list never run into that problem?
=Drummond
-Original Message-
From: Dick Hardt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 03, 2006 6:12 PM
To: Drummond Reed
Cc: 'Marius Scurtescu'; specs@openid.net
Subject: Re: openid.delegate ex
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf
> Of Dick Hardt
> Sent: Tuesday, October 03, 2006 4:52 PM
> To: Marius Scurtescu
> Cc: specs@openid.net
> Subject: Re: openid.delegate explained.
>
> fwiw: I was -1 on Josh
equivalent", "maps to", or "canonical".
=Drummond
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Dick Hardt
Sent: Tuesday, October 03, 2006 4:52 PM
To: Marius Scurtescu
Cc: specs@openid.net
Subject: Re: openid.delegate exp
fwiw: I was -1 on Josh's proposal. I am now a 0.
I think the name "delegate" is the right name though. It made sense
to me right away. One URI is delegating to another URI to be
authoritative about it. Drummonds explanation just reinforced my
view. But perhaps I am missing something there.
On 10/3/06, Marius Scurtescu <[EMAIL PROTECTED]> wrote:
> 3. Bare responses will not work.
Ditto for IdP-driven identifier selection for a delegated identifier.
> A question about doing discovery on delegated identifiers. Would you
> expect the exactly same XRDS from both the claimed and delegate
I think that the proposal made by Josh makes sense.
First of all, why would you hide the claimed identifier from the IdP?
If you don't trust your IdP you should not use it. Same thing if the
IdP tries to charge you more because you are using delegate
identifiers. If it is unreasonable then m
On Oct 3, 2006, at 11:58, Brad Fitzpatrick wrote:
I don't care what openid.delegate is renamed to. But I feel strongly
it has to survive ... I think it's one of the most important things to
OpenID, just not well understood.
Amen. (This comes from a guy -- me -- who took some months to get it.
Brad, thanks much for posting this. Having spent a ton of time on identifier
abstraction -- largely for the benefit of identifier portability -- I have
enormous respect for this feature.
So I am committed to being super-careful we don't break it just by renaming
it.
My proposal was limited to jus
On 10/3/06, Brad Fitzpatrick <[EMAIL PROTECTED]> wrote:
> but LiveJournal.com knows jack shit about bradfitz.com ... and
> perhaps Brad doesn't trust LJ to know about bradfitz.com ...
> or fears LJ might charge more to use that feature. etc.
What my protocol change proposal[1] amounts to is makin
17 matches
Mail list logo