Re: Identifier portability: the fundamental issue

2006-10-17 Thread Dick Hardt
On 16-Oct-06, at 12:24 PM, Martin Atkins wrote: Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be

Re: Identifier portability: the fundamental issue

2006-10-17 Thread Hans Granqvist
Drummond Reed wrote: I think you may have me mistaken for somebody else on the list (. . .) Double-blind anonymity in action? ;) -Hans

Re: Re[2]: Identifier portability: the fundamental issue

2006-10-17 Thread Kevin Turner
On Tue, 2006-10-17 at 13:29 +1000, Chris Drake wrote: Now - how comfortable are you with the idea of letting 1.5 billion Chinese people use OpenID? Ideally we'd have the input of the SocialBrain Foundation on that. Those are the folks who put together OpenID.cn. Has anyone on this list talked

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Hans Granqvist
Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be using a multitude of possibly hostile RPs thereafter:

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Martin Atkins
Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be using a multitude of possibly hostile RPs

Re: Identifier portability: the fundamental issue

2006-10-16 Thread Josh Hoyt
On 10/16/06, Marius Scurtescu [EMAIL PROTECTED] wrote: In this case you are better off opening a separate account with this or some other IdP. The current delegation model will not protect you at all. The delegate tag is in a publicly accessible Yadis document. I agree that anonymity is an

RE: Identifier portability: the fundamental issue

2006-10-16 Thread Drummond Reed
+1. Trust is not a boolean. Martin, that's very quotable. Can I attribute it to you? =Drummond -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Atkins Sent: Monday, October 16, 2006 12:25 PM To: specs@openid.net Subject: Re: Identifier portability

Re[2]: Identifier portability: the fundamental issue

2006-10-16 Thread Chris Drake
portability: the fundamental issue DR Chris Drake wrote: There seem to be a lot of people on this list who want to hate and loathe the IdP, and grant all power to the RP. I do not understand this reasoning: our users will select the IdP they trust and like, then they will be using a multitude

RE: Re[2]: Identifier portability: the fundamental issue

2006-10-16 Thread Drummond Reed
identifier. So OpenID should accommodate both. =Drummond -Original Message- From: Chris Drake [mailto:[EMAIL PROTECTED] Sent: Monday, October 16, 2006 8:29 PM To: Drummond Reed Cc: 'Martin Atkins'; specs@openid.net Subject: Re[2]: Identifier portability: the fundamental issue Hi Drummond

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Josh Hoyt
On 10/13/06, Drummond Reed [EMAIL PROTECTED] wrote: So whether it's in the spec formally or not, I don't really care. But the spec MUST contain details on the precautions a RP should take. Yup. (Got that, editors?) http://openid.net/specs/openid-authentication-2_0-10.html#anchor38 Josh

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Josh Hoyt
On 10/13/06, Chris Drake [EMAIL PROTECTED] wrote: DR CASE 1: the protocol supports only IdP-specific identifiers and no portable DR identifiers. DR RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1. Please explain? If I've got an OpenID URL (eg: my vanity domain),

Re: Identifier portability: the fundamental issue

2006-10-14 Thread Martin Atkins
Brad Fitzpatrick wrote: Counter-argument: but OpenID 1.1 does have two parameters: one's just in the return_to URL and managed by the client library, arguably in its own ugly namespace (not IdP/RP managed, not openid., but something else... the Perl library uses oic. or something). So

Re[2]: Identifier portability: the fundamental issue

2006-10-14 Thread Chris Drake
Hi Josh, I do not believe the RP needs to know the IdP-specific identifier ever (worse: I think it should never be allowed to know it, or even be allowed to see it!). JH Why not? PRIVACY. Page back and read through my posts to this list for the intricate details. JH Where is power being

RE: Identifier portability: the fundamental issue

2006-10-14 Thread Drummond Reed
@openid.net Subject: Re: Identifier portability: the fundamental issue Hi Drummond, DR CASE 1: the protocol supports only IdP-specific identifiers and no portable DR identifiers. DR RESULT: IdPs can achieve identifier lockin. Not acceptable. End of Case 1. Please explain? If I've got an OpenID URL (eg

Re: Re[2]: Identifier portability: the fundamental issue

2006-10-14 Thread Dick Hardt
On 14-Oct-06, at 7:28 AM, Chris Drake wrote: JH Where is power being granted to the RP? It has pretty much none. JH It *does* have responsibility, but only as much as is necessary to JH make the protocol work. If RPs are allowed to build up linked portfolios of everyones identifiers, they

Identifier portability: the fundamental issue

2006-10-13 Thread Drummond Reed
Yesterday we established consensus that with OpenID, identifier portability is sacred. Today I'd like to establish consensus on the following postulate: To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers:

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Johannes Ernst
On Oct 13, 2006, at 12:59, Drummond Reed wrote: Yesterday we established consensus that with OpenID, identifier portability is sacred. Could somebody please post a succinct definition of identifier portability somewhere. If we have a new religion, we might as well agree what it is ;-)

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Johannes Ernst
On Oct 13, 2006, at 12:59, Drummond Reed wrote: 1) If the RP sends the IdP-specific identifier, the RP must keep state to maintain mapping to the portable identifier (bad), and I agree, but I'm not sure that this is a big issue. Won't a simple cookie be sufficient? Johannes Ernst

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Granqvist, Hans
To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which the IdP knows the user (the IdP-specific

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Brad Fitzpatrick
On Fri, 13 Oct 2006, Granqvist, Hans wrote: To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which

Re: Identifier portability: the fundamental issue

2006-10-13 Thread Marius Scurtescu
On 13-Oct-06, at 12:59 PM, Drummond Reed wrote: Yesterday we established consensus that with OpenID, identifier portability is sacred. Today I'd like to establish consensus on the following postulate: To achieve identifier portability in OpenID, it MUST be possible for the RP and

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Hallam-Baker, Phillip
We must have different understandings of the term sacred then. My understanding of the term is that it refers to a tenet of faith which might cause offense if contradicted. Sent from my GoodLink Wireless Handheld (www.good.com

RE: Identifier portability: the fundamental issue

2006-10-13 Thread Drummond Reed
Drummond wrote: To achieve identifier portability in OpenID, it MUST be possible for the RP and the IdP to identify the user using two different identifiers: an identifier by which the RP knows the user (the portable identifier), and an identifier by which the IdP knows the user (the