On 2-Jun-07, at 5:14 PM, Recordon, David wrote:
> I'd like to see this written as an
> extension so that if the first approach doesn't work, the Auth spec
> itself doesn't have to be "reverted.  Rather we can finish 2.0 and try
> implementing different approaches before deciding on the final way to
> solve this problem.

I thought we had agreed at IIW (for good reason) to address this in  
2.0. Other than the actual solution not being 100% clear, has  
anything changed?

Arguments for not putting it into an extension:
- users of provider's X who employs 'identifier recycling extension'  
would not be able to log into RP Y who doesn't understand the extension
- it's likely that whatever solution we come up with affects the  
discovery / verification processes, in which case it couldn't be  
pushed to an extension (we're trying to patch something about the  
_identifier_ itself, which is the center of each openid transaction).

Also, I believe the fragment approach can actually work, as detailed  


I haven't seen any replies to this, so would appreciate if others  
would go through the proposed changes and see if they all makes sense  
of I've overlooked something.


specs mailing list

Reply via email to