Re: experimental namespace for openid.net

2009-07-10 Thread David Recordon
Should this experimental namespace only apply to work being done by  
OpenID working groups?  I'm very supportive of pushing the standards  
forward via prototypes, but that should be done as part of the OpenID  
community instead of by a single company.


I'd be very happy to help get a discovery working group spun up and  
charter them to modernize OpenID 2.0's discovery process.


--David

On Jul 10, 2009, at 11:58 AM, George Fletcher wrote:


+1 to http://experimental.openid.net

It would be good to add this to the "repository" work Breno and John  
are doing as having a registry for experimental URIs would be good  
as well.


Thanks,
George

Dirk Balfanz wrote:
[[email protected]  for a broader  
audience]


On Thu, Jul 9, 2009 at 4:45 PM, Dirk Balfanz wrote:


   Hi guys,
   Google would like to launch a feature in which we're allowing our
   Google Apps hosted domains to become OpenID providers. The
   authentication part of it is pretty simple - Google is already
   logging in users to their apps, so we can also host an OP endpoint
   for those domains and send assertions back to Relying Parties.
   What is more difficult is the discovery part. We have been working
   with the XRI TC to define a XRD-based discovery protocol that
   would allow this kind of hosting of discovery documents on behalf
   of our customers.
   We believe that providing proof-of-concept implementations drives
   standardization processes forward, so in this spirit we want to
   launch this feature in the near future, using a discovery protocol
   that as far as we can tell meets all the requirements of what the
   XRI TC is currently converging on, but which has not been vetted
   as an official standard (it's a chicken and egg thing - without
   PoC no standards, without standards by definition no
   standards-compliant implementations).

   While we were tossing around ideas in the standardization
   committees we just used random identifiers for new
   XML namespaces, etc. that we would need for this discovery
   protocol. Now that we're about to launch we need to decide what to
   call these things. We would like to use a namespace
   in http://specs.openid.net/... because we want this kind of
   discovery protocol to be part of OpenID, but we can't really use
   them because we don't have a next-generation discovery protocol
   yet.

   So what should we use? How
   about http://experimental.openid.net/... ? That way, Relying
   Parties know that what we're trying to do is be a part of the
   OpenID community and bring the protocol forward. On the other
   hand, this would also be a signal to the RP that they're using a
   feature that has not been vetted as a standard yet.
   For example, a discovery document for a domain balfanz.net
   at Google might look like this (notice the
   "experimental" namespace and the XML elements using it):

   
   
 http://www.w3.org/2000/09/xmldsig#";>
 
 http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets 
" />
 http://www.w3.org/2000/09/xmldsig#rsa-sha1 
" />

 
 
 
 
 MIICgjCCA...
 
 
 MIICsDCCAhmgAwIB...
 
 
 
 
 
 balfanz.net 
 
 http://specs.openid.net/auth/2.0/server
 http://openid.net/srv/ax/1.0
 http://specs.openid.net/extensions/pape/1.0
 https://www.google.com/a/balfanz.net/o8/ud?be=o8
 
 http://experimental.openid.net/google/2009/07/xmlns/ 
">
 http://www.iana.org/assignments/relation/describedbyType>

 application/xrds+xml
 https://www.google.com/accounts/o8/user-xrds?uri= 
{%uri}
   experimental:URITemplate>

 hosted-id.google.com
   
 
 
   

   What do you guys think?

   Dirk.




___
specs mailing list
[email protected]
http://openid.net/mailman/listinfo/specs
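
The signal described in the quoted proposal, that a Relying Party can tell from the namespace when a feature has not been vetted as a standard, can be checked mechanically. The following is an added example, not code from the thread or from Google: the sample document is constructed, its root namespace and element layout are placeholders, and the function names and the reject-by-default policy are assumptions.

```python
import xml.etree.ElementTree as ET

EXPERIMENTAL_PREFIX = "http://experimental.openid.net/"

# Constructed sample. The root namespace and element layout are placeholders;
# only the experimental namespace URI, the URITemplate element name and the
# URL values are taken from the message.
SAMPLE = """<XRD xmlns="urn:example:constructed-xrd"
  xmlns:experimental="http://experimental.openid.net/google/2009/07/xmlns/">
  <Subject>balfanz.net</Subject>
  <Service>
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <URI>https://www.google.com/a/balfanz.net/o8/ud?be=o8</URI>
  </Service>
  <Service>
    <Type>http://www.iana.org/assignments/relation/describedby</Type>
    <experimental:URITemplate>https://www.google.com/accounts/o8/user-xrds?uri={%uri}</experimental:URITemplate>
  </Service>
</XRD>"""


def split_qname(name):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if name.startswith("{"):
        ns, _, local = name[1:].partition("}")
        return ns, local
    return "", name


def experimental_features(xml_text):
    """List (namespace, local name) of elements/attributes in the experimental space."""
    if "<!DOCTYPE" in xml_text:
        # Discovery documents need no DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in discovery document")
    found = set()
    for elem in ET.fromstring(xml_text).iter():
        for name in [elem.tag, *elem.attrib]:
            ns, local = split_qname(name)
            if ns.startswith(EXPERIMENTAL_PREFIX):
                found.add((ns, local))
    return sorted(found)


def rp_decision(xml_text, allow_experimental=False):
    """Accept unvetted features only if this RP has opted in. Signature
    verification of the document is a separate step and is not done here."""
    features = experimental_features(xml_text)
    return ("accept" if allow_experimental or not features else "reject", features)
```

The prefix comparison keeps the trailing slash so that a look-alike host such as `experimental.openid.net.example` does not match.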





Re: experimental namespace for openid.net

2009-07-10 Thread George Fletcher

+1 to http://experimental.openid.net

It would be good to add this to the "repository" work Breno and John are 
doing as having a registry for experimental URIs would be good as well.


Thanks,
George

Dirk Balfanz wrote:

[[email protected]  for a broader audience]

On Thu, Jul 9, 2009 at 4:45 PM, Dirk Balfanz wrote:


Hi guys, 


Google would like to launch a feature in which we're allowing our
Google Apps hosted domains to become OpenID providers. The
authentication part of it is pretty simple - Google is already
logging in users to their apps, so we can also host an OP endpoint
for those domains and send assertions back to Relying Parties.
What is more difficult is the discovery part. We have been working
with the XRI TC to define a XRD-based discovery protocol that
would allow this kind of hosting of discovery documents on behalf
of our customers. 


We believe that providing proof-of-concept implementations drives
standardization processes forward, so in this spirit we want to
launch this feature in the near future, using a discovery protocol
that as far as we can tell meets all the requirements of what the
XRI TC is currently converging on, but which has not been vetted
as an official standard (it's a chicken and egg thing - without
PoC no standards, without standards by definition no
standards-compliant implementations).

While we were tossing around ideas in the standardization
committees we just used random identifiers for new
XML namespaces, etc. that we would need for this discovery
protocol. Now that we're about to launch we need to decide what to
call these things. We would like to use a namespace
in http://specs.openid.net/... because we want this kind of
discovery protocol to be part of OpenID, but we can't really use
them because we don't have a next-generation discovery protocol yet. 


So what should we use? How
about http://experimental.openid.net/... ? That way, Relying
Parties know that what we're trying to do is be a part of the
OpenID community and bring the protocol forward. On the other
hand, this would also be a signal to the RP that they're using a
feature that has not been vetted as a standard yet. 


For example, a discovery document for a domain balfanz.net
at Google might look like this (notice the
"experimental" namespace and the XML elements using it):



  http://www.w3.org/2000/09/xmldsig#";>
  
  http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets"; />
  http://www.w3.org/2000/09/xmldsig#rsa-sha1"; 
/>
  
  
  
  
  MIICgjCCA...
  
  
  MIICsDCCAhmgAwIB...
  
  
  
  
  
  balfanz.net 
  
  http://specs.openid.net/auth/2.0/server
  http://openid.net/srv/ax/1.0
  http://specs.openid.net/extensions/pape/1.0
  https://www.google.com/a/balfanz.net/o8/ud?be=o8
  
  http://experimental.openid.net/google/2009/07/xmlns/";>
  http://www.iana.org/assignments/relation/describedby
  application/xrds+xml
  
https://www.google.com/accounts/o8/user-xrds?uri={%uri}


  hosted-id.google.com

  
  


What do you guys think?

Dirk.






Re: experimental namespace for openid.net

2009-07-10 Thread Dirk Balfanz
[[email protected] for a broader audience]

On Thu, Jul 9, 2009 at 4:45 PM, Dirk Balfanz wrote:

> Hi guys,
> Google would like to launch a feature in which we're allowing our Google
> Apps hosted domains to become OpenID providers. The authentication part of
> it is pretty simple - Google is already logging in users to their apps, so
> we can also host an OP endpoint for those domains and send assertions back
> to Relying Parties. What is more difficult is the discovery part. We have
> been working with the XRI TC to define a XRD-based discovery protocol that
> would allow this kind of hosting of discovery documents on behalf of our
> customers.
>
> We believe that providing proof-of-concept implementations drives
> standardization processes forward, so in this spirit we want to launch this
> feature in the near future, using a discovery protocol that as far as we can
> tell meets all the requirements of what the XRI TC is currently converging
> on, but which has not been vetted as an official standard (it's a chicken
> and egg thing - without PoC no standards, without standards by definition no
> standards-compliant implementations).
>
> While we were tossing around ideas in the standardization committees
> we just used random identifiers for new XML
> namespaces, etc. that we would need for this discovery protocol. Now that
> we're about to launch we need to decide what to call these things. We would
> like to use a namespace in http://specs.openid.net/... because we want
> this kind of discovery protocol to be part of OpenID, but we can't really
> use them because we don't have a next-generation discovery protocol yet.
>
> So what should we use? How about http://experimental.openid.net/... ? That
> way, Relying Parties know that what we're trying to do is be a part of the
> OpenID community and bring the protocol forward. On the other hand, this
> would also be a signal to the RP that they're using a feature that has not
> been vetted as a standard yet.
>
> For example, a discovery document for a domain balfanz.net at Google might
> look like this (notice the "experimental" namespace and the XML elements
> using it):
>
> 
> 
>   http://www.w3.org/2000/09/xmldsig#";>
>   
>   http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets"; />
>   http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>   
>   
>   
>   
>   MIICgjCCA...
>   
>   
>   MIICsDCCAhmgAwIB...
>   
>   
>   
>   
>   
>   balfanz.net
>   
>   http://specs.openid.net/auth/2.0/server
>   http://openid.net/srv/ax/1.0
>   http://specs.openid.net/extensions/pape/1.0
>   https://www.google.com/a/balfanz.net/o8/ud?be=o8
>   
>   http://experimental.openid.net/google/2009/07/xmlns/";>
>   http://www.iana.org/assignments/relation/describedby
>   application/xrds+xml
>   
> https://www.google.com/accounts/o8/user-xrds?uri={%uri}
> 
>   hosted-id.google.com
> 
>   
>   
> 
>
> What do you guys think?
>
> Dirk.
>


Re: experimental namespace for openid.net

2009-07-10 Thread Santosh Rajan

I agree formalizing a POC is a bit of a stretch. I was looking at it the
other way around.
There is a general consensus on XRD, especially the work done here.
http://www.hueniverse.com/hueniverse/xrd/
Add a simple signature and a host-meta as XRD and we really have a simple
XRD spec for which there already is a consensus. A POC will solidify this.
That's all that is required really.
The problem with XRI TC is that we have the "Camel is a Horse designed by a
committee" syndrome.


SitG Admin wrote:
> 
>>Why don't you implement proof of concept for XRD instead? We can then
>>formalize it. Why should we wait for XRI TC? After 11 years XRI TC can't even
>>sign an XML document reliably.
> 
> A proof-of-concept is useful for showing that something is 
> *possible*, but if you try to formalize from there it's more of a 
> "hotshot went off and did their own thing, then expects everyone else 
> to follow the leader". Google is working *with* the XRI TC, and my 
> understanding is that they want their work to be useful when we all 
> start looking for a protocol that a majority of the community can 
> agree to (with little enough effort that it doesn't become more 
> efficient to ditch the POC entirely and start over from scratch).
> 
> -Shade


-

Santosh Rajan
http://santrajan.blogspot.com


Re: experimental namespace for openid.net

2009-07-10 Thread SitG Admin

> Why don't you implement proof of concept for XRD instead? We can then
> formalize it. Why should we wait for XRI TC? After 11 years XRI TC can't even
> sign an XML document reliably.


A proof-of-concept is useful for showing that something is 
*possible*, but if you try to formalize from there it's more of a 
"hotshot went off and did their own thing, then expects everyone else 
to follow the leader". Google is working *with* the XRI TC, and my 
understanding is that they want their work to be useful when we all 
start looking for a protocol that a majority of the community can 
agree to (with little enough effort that it doesn't become more 
efficient to ditch the POC entirely and start over from scratch).


-Shade


Re: experimental namespace for openid.net

2009-07-10 Thread Santosh Rajan

Why don't you implement proof of concept for XRD instead? We can then
formalize it. Why should we wait for XRI TC? After 11 years XRI TC can't even
sign an XML document reliably.


Dirk Balfanz wrote:
> 
> Hi guys,
> Google would like to launch a feature in which we're allowing our Google
> Apps hosted domains to become OpenID providers. The authentication part of
> it is pretty simple - Google is already logging in users to their apps, so
> we can also host an OP endpoint for those domains and send assertions back
> to Relying Parties. What is more difficult is the discovery part. We have
> been working with the XRI TC to define a XRD-based discovery protocol that
> would allow this kind of hosting of discovery documents on behalf of our
> customers.
> 
> We believe that providing proof-of-concept implementations drives
> standardization processes forward, so in this spirit we want to launch this
> feature in the near future, using a discovery protocol that as far as we can
> tell meets all the requirements of what the XRI TC is currently converging
> on, but which has not been vetted as an official standard (it's a chicken
> and egg thing - without PoC no standards, without standards by definition no
> standards-compliant implementations).
> 
> While we were tossing around ideas in the standardization committees
> we just used random identifiers for new XML
> namespaces, etc. that we would need for this discovery protocol. Now that
> we're about to launch we need to decide what to call these things. We would
> like to use a namespace in http://specs.openid.net/... because we want this
> kind of discovery protocol to be part of OpenID, but we can't really use
> them because we don't have a next-generation discovery protocol yet.
> 
> So what should we use? How about http://experimental.openid.net/... ? That
> way, Relying Parties know that what we're trying to do is be a part of the
> OpenID community and bring the protocol forward. On the other hand, this
> would also be a signal to the RP that they're using a feature that has not
> been vetted as a standard yet.
> 
> For example, a discovery document for a domain balfanz.net at Google might
> look like this (notice the "experimental" namespace and the XML elements
> using it):
> 
> 
> 
>   http://www.w3.org/2000/09/xmldsig#";>
>   
>   http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets"; />
>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1
> " />
>   
>   
>   
>   
>   MIICgjCCA...
>   
>   
>   MIICsDCCAhmgAwIB...
>   
>   
>   
>   
>   
>   balfanz.net
>   
>   http://specs.openid.net/auth/2.0/server
>   http://openid.net/srv/ax/1.0
>   http://specs.openid.net/extensions/pape/1.0
>   https://www.google.com/a/balfanz.net/o8/ud?be=o8
>   
>   http://experimental.openid.net/google/2009/07/xmlns/";>
>   http://www.iana.org/assignments/relation/describedby
>   application/xrds+xml
>   
> https://www.google.com/accounts/o8/user-xrds?uri={%uri}
> 
>   hosted-id.google.com
> 
>   
>   
> 
> 
> What do you guys think?
> 
> Dirk.
> 


-

Santosh Rajan
http://santrajan.blogspot.com