OpenID status update
ken.horn at clara.co.uk
Fri Jun 3 03:02:38 PDT 2005
Is a middle ground to declare a version / protocol name with the current
impl? An extra field, openid.version=1.0 or something to make the sig
(in particular) less opaque like:
Debugging differently signed / encoded tokens will be horrific if they
change later. It would be nice to avoid over time:
Jean-Luc Delatre wrote:
> Brad Fitzpatrick wrote:
>> I don't have the necessary crypto background to do this on my own, and
>> all my code/work is essentially done at this point, so I'm doing all I
>> can to not push this live on LiveJournal /tonight/.
> Yes indeed!
> What's the point of spreading Yet Another Crock?
> I don't agree *at all* with that rush forward.
> There is no shortage of lousy software all over the place.
> I would much prefer that enough time be given to Paul Crowley to
> review the protocol with added contributions from list members.
> I do agree with some of your points like no encryption in the core and
> not sending private keys in the clear.
> I don't have the necessary crypto background either but I try to
> educate myself :
> The fact that a protocol is difficult to understand does not mean that
> it is diffcult to implement, the availability of proper
> packages/libraries has more impact.
> P.S. I have trouble with current test trials on livejournal, it
> appears that some parameters names get mangled
> in the returned page like 'openid_assert_identity' instead of
> 'openid.assert_identity', how's that?
> yadis mailing list
> yadis at lists.danga.com
More information about the yadis