Moving OpenID Forward
Rasqual Twilight
oid at rasqual.silk.com
Sat Jun 17 15:43:43 UTC 2006
On 6/16/06, David Recordon <drecordon at verisign.com> wrote:
> As Brad mentioned a few weeks ago
> (http://brad.livejournal.com/2226738.html), I've been working a lot on
> moving OpenID forward along with the guys up at JanRain. With Brad and
> their feedback, I've taken the existing spec
> (http://www.openid.net/specs.bml) and cleaned it up into something that
> looks much more like what people would expect. Right now you can find
> it at http://www.openid.net/specs/ and I'll be making that the home for
> all of the OpenID specs in the future.
>
(-snip-)
>
> --David
>
Hello David and everyone,
I would like to raise the following points regarding the OpenId 1.1 specs:
- This spec does not define what an "association" is, neither does the
Diffie-Helmann spec. It does not relate smart mode and storing the
association information.
> It's RECOMMENDED that a Consumer first submit an associate request
> to the End User's Identity Provider and request a shared secret if
> the Consumer does not already have one cached.
(Ignoring the minor typo), this statement is confusing. Are an associate
request and a shared secret request distinct?
- Mr. Howe mentioned the RFC 3986[1] , the URI Generic Syntax section
#6, "Normalization and Comparison", as an authoritative source for URL
normalization, which obsoletes the mentioned RFC 2396. I also think some
RFCs mentioned in <http://www.lifewiki.net/openid/OpenIDSpecification>
could be cites as well for bibliography.
[1] http://lists.danga.com/pipermail/yadis/2006-April/002533.html
[2] Berners-Lee, T.et al., "Uniform Resource Identifier (URI): Generic
Syntax.", January 2005, http://www.rfc-archive.org/getrfc.php?rfc=3986
Regards,
--
Rasqual Twilight
http://rasqual.skyhalo.info/
More information about the yadis
mailing list