Moving OpenID Forward

Recordon, David drecordon at
Mon Jun 19 05:43:33 UTC 2006

Thanks Rasqual, I'll work on getting your feedback incorporated into the


-----Original Message-----
From: yadis-bounces at
[mailto:yadis-bounces at] On Behalf Of Rasqual Twilight
Sent: Saturday, June 17, 2006 11:44 AM
To: yadis at
Subject: Re: Moving OpenID Forward

On 6/16/06, David Recordon <drecordon at> wrote:
> As Brad mentioned a few weeks ago
> (, I've been working a lot on

> moving OpenID forward along with the guys up at JanRain.  With Brad 
> and their feedback, I've taken the existing spec
> ( and cleaned it up into something 
> that looks much more like what people would expect.  Right now you can

> find it at and I'll be making that the 
> home for all of the OpenID specs in the future.


> --David

Hello David and everyone,

I would like to raise the following points regarding the OpenId 1.1
- This spec does not define what an "association" is, neither does the
Diffie-Helmann spec. It does not relate smart mode and storing the
association information.

> It's RECOMMENDED that a Consumer first submit an associate request to 
> the End User's Identity Provider and request a shared secret if the 
> Consumer does not already have one cached.

(Ignoring the minor typo), this statement is confusing. Are an associate
request and a shared secret request distinct?

- Mr. Howe mentioned the RFC 3986[1] , the URI Generic Syntax section
#6, "Normalization and Comparison", as an authoritative source for URL
normalization, which obsoletes the mentioned RFC 2396. I also think some

RFCs mentioned in <> 
could be cites as well for bibliography.

[2] Berners-Lee, al., "Uniform Resource Identifier (URI): Generic
Syntax.", January 2005,

Rasqual Twilight

More information about the yadis mailing list