Moving OpenID Forward

Rasqual Twilight oid at
Sat Jun 17 15:43:43 UTC 2006

On 6/16/06, David Recordon <drecordon at> wrote:
> As Brad mentioned a few weeks ago
> (, I've been working a lot on
> moving OpenID forward along with the guys up at JanRain.  With Brad and
> their feedback, I've taken the existing spec
> ( and cleaned it up into something that
> looks much more like what people would expect.  Right now you can find
> it at and I'll be making that the home for
> all of the OpenID specs in the future.


> --David

Hello David and everyone,

I would like to raise the following points regarding the OpenId 1.1 specs:
- This spec does not define what an "association" is, neither does the
Diffie-Helmann spec. It does not relate smart mode and storing the 
association information.

> It's RECOMMENDED that a Consumer first submit an associate request
> to the End User's Identity Provider and request a shared secret if
> the Consumer does not already have one cached.

(Ignoring the minor typo), this statement is confusing. Are an associate 
request and a shared secret request distinct?

- Mr. Howe mentioned the RFC 3986[1] , the URI Generic Syntax section
#6, "Normalization and Comparison", as an authoritative source for URL
normalization, which obsoletes the mentioned RFC 2396. I also think some  
RFCs mentioned in <> 
could be cites as well for bibliography.

[2] Berners-Lee, al., "Uniform Resource Identifier (URI): Generic
Syntax.", January 2005,

Rasqual Twilight

More information about the yadis mailing list