I wasn't in that session (as far as I recall ;-)) so I don't know either what was agreed on, or who agreed, or for what reasons ... the thread so far does not look like it was a very stable agreement ;-)
On Jun 2, 2007, at 22:11, Johnny Bufu wrote: > > On 2-Jun-07, at 5:14 PM, Recordon, David wrote: >> I'd like to see this written as an >> extension so that if the first approach doesn't work, the Auth spec >> itself doesn't have to be "reverted. Rather we can finish 2.0 and >> try >> implementing different approaches before deciding on the final way to >> solve this problem. > > I thought we had agreed at IIW (for good reason) to address this in > 2.0. Other than the actual solution not being 100% clear, has > anything changed? > > Arguments for not putting it into an extension: > - users of provider's X who employs 'identifier recycling > extension' would not be able to log into RP Y who doesn't > understand the extension > - it's likely that whatever solution we come up with affects the > discovery / verification processes, in which case it couldn't be > pushed to an extension (we're trying to patch something about the > _identifier_ itself, which is the center of each openid transaction). > > > Also, I believe the fragment approach can actually work, as > detailed here: > > http://openid.net/pipermail/specs/2007-May/001767.html > > I haven't seen any replies to this, so would appreciate if others > would go through the proposed changes and see if they all makes > sense of I've overlooked something. > > > Thanks, > Johnny _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
