Moving OpenID Forward
Drummond Reed
drummond.reed at cordance.net
Fri Jun 16 00:45:20 UTC 2006
David,

This is very cool stuff. OpenID 2.0 is evolving from just an authentication
protocol to a framework for user-centric identity services based on either a
URL or XRI "digital address". That kind of convergence should really help
with traction.

I can't make the 23rd due to my brother getting married here in Seattle that
weekend, but I think I could dial in for part of the session. Will you be
able to arrange a dial-in number?

=Drummond

-----Original Message-----
From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com]
On Behalf Of Recordon, David
Sent: Thursday, June 15, 2006 5:15 PM
To: Yadis list
Subject: Moving OpenID Forward

As Brad mentioned a few weeks ago
(http://brad.livejournal.com/2226738.html), I've been working a lot on
moving OpenID forward along with the guys up at JanRain. With Brad and
their feedback, I've taken the existing spec
(http://www.openid.net/specs.bml) and cleaned it up into something that
looks much more like what people would expect. Right now you can find
it at http://www.openid.net/specs/ and I'll be making that the home for
all of the OpenID specs in the future.

Besides this, we've also been working on the next version of OpenID
Authentication.

The main goals have been to:
- Deal with the few current security issues
- Build the framework to support extensions for passing rich
  information on top of an authentication assertion
- Allow the use case of entering the URL for your IdP versus your
  entire Identity URL to support multiple personas
- Support both URLs and i-names as an Identifier since all i-brokers
  are now required to support OpenID Authentication. For the time being
  we can use their URL-based proxy XRI resolver to keep code simple.

We see OpenID as being an umbrella for the framework that encompasses
the layers for identifiers, discovery, authentication, and a messaging
services layer that sits atop and this entire thing has sort of been
dubbed "OpenID 2.0". We see URLs and XRIs being the identifier layer,
Yadis as discovery, OpenID Authentication for the authentication layer,
and then are also working with JanRain to develop a light-weight
abstract messaging layer.

This will enable things like profile exchange and secure "email"
directly between an IdP and Consumer or IdP to IdP. I've really taken
the tack of thinking about profile exchange just as a use case of doing
something on behalf of the end user, which has allowed us to abstract it
out into a piece of infrastructure that can be shared. In the end,
you'll see multiple small specs under the OpenID name that can all be
pieced together or used separately.

The current plan is to have something much more concrete, actual
proposed spec changes, for all of you to comment on by the end of next
week. Josh Hoyt from JanRain has been cranking on most of the actual
work which has really helped me. I'll then play editor for the spec and
JanRain will start working on making all of this a reality within their
OpenID libraries.

Next Friday, the 23rd, I'd also like to extend an invitation to all of
you to come down to VeriSign's campus in Mountain View and have a day
meeting much like the one I hosted last year at Six Apart for Yadis. I
think it would be a great opportunity for all of us to get in a room and
really go over the changes being proposed for OpenID as well as help
everyone better understand the direction and vision Brad and I share for
it in terms of the core staying small/simple/modular while allowing the
rich use cases that truly make it an Identity 2.0 technology.

--David