Moving OpenID Forward
oid at rasqual.silk.com
Sat Jun 17 15:43:43 UTC 2006
On 6/16/06, David Recordon <drecordon at verisign.com> wrote:
> As Brad mentioned a few weeks ago
> (http://brad.livejournal.com/2226738.html), I've been working a lot on
> moving OpenID forward along with the guys up at JanRain. With Brad and
> their feedback, I've taken the existing spec
> (http://www.openid.net/specs.bml) and cleaned it up into something that
> looks much more like what people would expect. Right now you can find
> it at http://www.openid.net/specs/ and I'll be making that the home for
> all of the OpenID specs in the future.
Hello David and everyone,
I would like to raise the following points regarding the OpenId 1.1 specs:
- This spec does not define what an "association" is, neither does the
Diffie-Helmann spec. It does not relate smart mode and storing the
> It's RECOMMENDED that a Consumer first submit an associate request
> to the End User's Identity Provider and request a shared secret if
> the Consumer does not already have one cached.
(Ignoring the minor typo), this statement is confusing. Are an associate
request and a shared secret request distinct?
- Mr. Howe mentioned the RFC 3986 , the URI Generic Syntax section
#6, "Normalization and Comparison", as an authoritative source for URL
normalization, which obsoletes the mentioned RFC 2396. I also think some
RFCs mentioned in <http://www.lifewiki.net/openid/OpenIDSpecification>
could be cites as well for bibliography.
 Berners-Lee, T.et al., "Uniform Resource Identifier (URI): Generic
Syntax.", January 2005, http://www.rfc-archive.org/getrfc.php?rfc=3986
More information about the yadis