On 2-Jun-07, at 5:14 PM, Recordon, David wrote: > I'd like to see this written as an > extension so that if the first approach doesn't work, the Auth spec > itself doesn't have to be "reverted. Rather we can finish 2.0 and try > implementing different approaches before deciding on the final way to > solve this problem.
I thought we had agreed at IIW (for good reason) to address this in 2.0. Other than the actual solution not being 100% clear, has anything changed? Arguments for not putting it into an extension: - users of provider's X who employs 'identifier recycling extension' would not be able to log into RP Y who doesn't understand the extension - it's likely that whatever solution we come up with affects the discovery / verification processes, in which case it couldn't be pushed to an extension (we're trying to patch something about the _identifier_ itself, which is the center of each openid transaction). Also, I believe the fragment approach can actually work, as detailed here: http://openid.net/pipermail/specs/2007-May/001767.html I haven't seen any replies to this, so would appreciate if others would go through the proposed changes and see if they all makes sense of I've overlooked something. Thanks, Johnny _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs