Re: Proposal for Modularizing Auth 2.0 Discovery

2007-03-03 Thread Gavin Baumanis
-- Best regards, Gavin Baumanis T: +61 -3 992 51099 F: +61 -3 992 52706 E: [EMAIL PROTECTED] Property Services RMIT University Level 6, 449 Swanston Street Melbourne VIC 3000 Australia On Saturday, March 03, 2007 at 17:26, in message [EMAIL PROTECTED], Mark Baker [EMAIL PROTECTED]

Re: Proposal for Modularizing Auth 2.0 Discovery

2007-03-02 Thread Mark Baker
Hi Gabe, On 2/28/07, Gabe Wachob [EMAIL PROTECTED] wrote: Basically, the Discovery Spec would specify that for any identifier scheme to work with OpenID, it MUST define a way of being constructed into an HTTP URI and then returning a XRDS with an HTTP GET on that HTTP URI. I don't understand

Re: Proposal for Modularizing Auth 2.0 Discovery

2007-03-02 Thread Johannes Ernst
While I'm strongly in favor of modularization from an architectural perspective, is there a potential security problem here if multiple protocols are developed to resolve the same kind of identifier? (because they could resolve to a different set of endpoints / services) It appears to me

RE: Proposal for Modularizing Auth 2.0 Discovery

2007-03-02 Thread Recordon, David
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johannes Ernst Sent: Friday, March 02, 2007 12:47 PM To: specs@openid.net Subject: Re: Proposal for Modularizing Auth 2.0 Discovery While I'm strongly in favor of modularization from an architectural perspective

Re: Proposal for Modularizing Auth 2.0 Discovery

2007-03-02 Thread Mark Baker
On 3/2/07, Gabe Wachob [EMAIL PROTECTED] wrote: Hi Mark- I think I understand your first point. I think FTP is a degenerate case though, because its just like HTTP in the sense that there's basically one way that everybody knows how to use an FTP URI to get at a *document* (e.g. the

RE: Proposal for Modularizing Auth 2.0 Discovery

2007-02-28 Thread Dmitry Shechtman
I'd agree on specifying HTTP as the only resolution method required. Unfortunately, I have a conflict of interests with the SMTP service extension... Regards, Dmitry =damnian ___ specs mailing list specs@openid.net

Re: Proposal for Modularizing Auth 2.0 Discovery

2007-02-28 Thread Martin Atkins
Gabe Wachob wrote: Basically, the Discovery Spec would specify that for any identifier scheme to work with OpenID, it MUST define a way of being constructed into an HTTP URI and then returning a XRDS with an HTTP GET on that HTTP URI. If there are other ways of resolving it, then

What Should an OpenId Be? [WAS: RE: Proposal for Modularizing Auth 2.0 Discovery]

2007-02-28 Thread David Fuelling
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabe Wachob Sent: Wednesday, February 28, 2007 3:02 PM To: 'Drummond Reed'; 'Martin Atkins'; specs@openid.net Subject: Proposal for Modularizing Auth 2.0 Discovery snip Basically, the Discovery Spec