I agree. I think it is great having a way for people to easily propose new identifier formats and even use them within their own implementations. There does however need to be some sort of community review process before new identifiers are added to OpenID in a public fashion.
--David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johannes Ernst Sent: Friday, March 02, 2007 12:47 PM To: specs@openid.net Subject: Re: Proposal for Modularizing Auth 2.0 Discovery While I'm strongly in favor of modularization from an architectural perspective, is there a potential security problem here if multiple protocols are developed to resolve the same kind of identifier? (because they could resolve to a different set of endpoints / services) It appears to me that the only way this can work is that while we modularize, we only let the same set of people who have defined some of the "plug-in" documents define new "plug-in" documents how to do discovery. The Yadis decentralized innovation model -- everybody define the service types they like, they don't need to ask anybody -- may not work here. Or am I off-base? Cheers, Johannes. Johannes Ernst NetMesh Inc. _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs