I wasn't in that session (as far as I recall ;-)) so I don't know  
either what was agreed on, or who agreed, or for what reasons ... the  
thread so far does not look like it was a very stable agreement ;-)

On Jun 2, 2007, at 22:11, Johnny Bufu wrote:

> On 2-Jun-07, at 5:14 PM, Recordon, David wrote:
>> I'd like to see this written as an
>> extension so that if the first approach doesn't work, the Auth spec
>> itself doesn't have to be "reverted.  Rather we can finish 2.0 and  
>> try
>> implementing different approaches before deciding on the final way to
>> solve this problem.
> I thought we had agreed at IIW (for good reason) to address this in  
> 2.0. Other than the actual solution not being 100% clear, has  
> anything changed?
> Arguments for not putting it into an extension:
> - users of provider's X who employs 'identifier recycling  
> extension' would not be able to log into RP Y who doesn't  
> understand the extension
> - it's likely that whatever solution we come up with affects the  
> discovery / verification processes, in which case it couldn't be  
> pushed to an extension (we're trying to patch something about the  
> _identifier_ itself, which is the center of each openid transaction).
> Also, I believe the fragment approach can actually work, as  
> detailed here:
>       http://openid.net/pipermail/specs/2007-May/001767.html
> I haven't seen any replies to this, so would appreciate if others  
> would go through the proposed changes and see if they all makes  
> sense of I've overlooked something.
> Thanks,
> Johnny

specs mailing list

Reply via email to