featuritis for existing form handlers (was: Sorting fields in signature generation)

2006-09-27 Thread Kevin Turner
Re-writing all your applications every time a new technology pops up is not a very efficient use of resources. New technologies that can leverage an existing install base will likely fare better than those that demand a completely clean slate. So I won't argue that existing applications are

RE: [PROPOSAL] authentication age

2006-10-02 Thread Kevin Turner
On Sun, 2006-10-01 at 13:08 -0700, Recordon, David wrote: It could be augmented to also contain a response parameter telling the RP if the IdP acknowledged it, then the RP could make the decision if it wants to proceed. You will want that response parameter. Otherwise, couldn't I (as the

Re: Adoption questions

2006-10-06 Thread Kevin Turner
On Fri, 2006-10-06 at 13:26 +1000, Chris Drake wrote: Is my understanding accurate: OpenID is unable to support single sign on. If not - lets assume it's 9am. I just signed on. I can visit RP#1 then RP#2 then RP#3 and go back and forth all day without hindrance, until I next sign off - yes?

Re: [PROPOSAL] Separate Public Identifier from IdP Identifier

2006-10-06 Thread Kevin Turner
From http://www.lifewiki.net/openid/SeparateIdentifierFromIdPToken (change #3): Impact on XRI-based auth: An XRI is, for this purpose, a URI that can be resolved into a URL at which we can do Yadis discovery. Once Yadis discovery begins, flow continues as in the original proposal, where

RE: [PROPOSAL] bare response / bare request

2006-10-06 Thread Kevin Turner
On Fri, 2006-10-06 at 16:34 -0700, Drummond Reed wrote: Let me play the dumb customer here and say: * A whole lot of real-world users would love OpenID-enabled bookmarks. * A whole lot of websites would love to offer them. * A whole lot of IdPs would love to provide them. Okay Customer, if

Re: Re[2]: Identifier portability: the fundamental issue

2006-10-17 Thread Kevin Turner
On Tue, 2006-10-17 at 13:29 +1000, Chris Drake wrote: Now - how comfortable are you with the idea of letting 1.5 billion Chinese people use OpenID Ideally we'd have the input of the SocialBrain Foundation on that. Those are the folks who put together OpenID.cn. Has anyone on this list talked

Re: Updated normalization section to match the upcoming XRI Syntax 2.1.

2007-04-04 Thread Kevin Turner
Sorry it took me a few months to notice this, but xri://$dns? No. I'm referring here to spec rev 274, the diff for which is attached. Can we roll that patch back, please? I'm not even sure where you're getting an XRI Syntax 2.1 reference from, there's not so much as a working draft of it

Re: Please clarify 2.0 TOC 14 -- Re: RFC: Final outstanding issues with the OpenID 2.0 Authentication specification

2007-05-22 Thread Kevin Turner
On Fri, 2007-05-18 at 22:21 +0200, Boris Erdmann wrote: http://openid.net/specs/openid-authentication-2_0-11.html#anchor34 Should the document be placed under http://relyingparty.com/ or http://relyingparty.com/return_to_url? or does it have to be link rel'ed in every page? For the proposed

Re: OpenID 2.0 finalization progress

2007-10-19 Thread Kevin Turner
On Fri, 2007-10-19 at 10:02 -0700, Paul C. Bryan wrote: On Thu, 2007-10-18 at 19:13 -0700, Dick Hardt wrote: I don't see why the two processes need to be any more dependant on each other then they are already. With all due respect, why take the risk that there are intellectual

Re: OpenID 2.0 finalization progress

2007-10-22 Thread Kevin Turner
On Fri, 2007-10-19 at 16:12 -0700, Johannes Ernst wrote: [...] and after they had produced a spec, Rambus said but we have some patents. This lead to at least one lawsuit I believe. I have heard wildly diverging assessments on whether or not this could happen here. Ok, I'm looking for the

Re: Question on Association Secrets

2008-03-11 Thread Kevin Turner
On Mon, 2008-03-10 at 11:27 +0100, Oliver Welter wrote: 1) Is an individual session dedicated to an Identifier/OP Combo, or is a secret/session used for different Identifiers which are served by the same OP? Associations are for a pair of (RP, OP), usable for any communication between them

Re: Difference between 1.0 and 1.1

2008-03-12 Thread Kevin Turner
On Wed, 2008-03-12 at 16:28 +0200, techtonik wrote: But 1.1 OpenID server doesn't know anything about openid.ns, because it was added only in 2.0 Therefore server fails to authenticate and this should be considered a bug in consumer, which should not send openid.ns at all. If everything above

Re: Problems with OpenID and TAG httpRange-14

2008-03-19 Thread Kevin Turner
On Wed, 2008-03-19 at 23:54 +0900, James Henstridge wrote: The fact that some sites incorrectly resolved the redirect to /about/ is probably due to the non-standard response headers for http://bytesexual.org/ -- it contains a relative URI reference in the location header, while the spec

specs and implementations (Re: Problems with OpenID and TAG httpRange-14)

2008-03-21 Thread Kevin Turner
On Fri, 2008-03-21 at 09:38 -0700, Will Norris wrote: Regardless of what specific spec addition we're talking about, I don't think the technical difficulty to implement it should ever be a determining factor in weighing the merit of the proposal. I disagree here. We don't write specs just so

Re: section 11. Verifying Assertions

2008-07-28 Thread Kevin Turner
See section 11.4.2. Verifying Directly with the OpenID Provider. or encode your state in a signed cookie or the return_to URL or somesuch. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs