http://blog.gmane.org/gmane.comp.web.openid.general hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.comp.web.openid.general/8394 A few months ago, some members from the OATH community and I got together to take a fresh look at the PAPE spec, what it was trying to accomplish, and how well it could be implemented. We started holding semi-weekly conference calls and over the period of a couple months we drafted up a slightly new take on PAPE. The main difference is that we defined a specific set of authentication methods, rather than only using high-level policies. After long discussions we found that there was too much ambiguity in the high-level policies as defined today in PAPE. We created a draft of our modified specification, termed PAPE-Authentication Mechanisms (PAPE-AM), and we are beginning to socialize the concepts in that draft. I published a blog post summarizing our motivations, and wanted to share it with the greater OpenID mailing list. http://openidtrustbearer.wordpress.com/2008/10/06/building-on-the-openid-pape-specification/ I would appreciate hearing the thoughts of the readers on this mailing Brian Kelly 2008-10-06T21:28:56 http://comments.gmane.org/gmane.comp.web.openid.general/8387 I've been having conversations with folks about the current OpenID libraries lately and it seems to me that it would be highly valuable to both consolidate the existing [good] libraries, to get more visibility and transparency into their development, to increase the number of contributors, to give the foundation more direct management of the codebase, to open up the support queue, to enable branching, and to also go about creating separate libraries for each respective language, rather than just using ports of the Python libraries. Yes, this is a tall order, but given the experience I've had with pushing the development of OAuth libraries (http://oauth.net/code), I think we need to shift where and how the development happens to get more momentum going and make it easier to manage project access. I propose that we make use of either Google Code or Github. I'm not looking for a religious battle here; I'm personally more familiar and comfortable with Google Code, but Github has proven to be a rather excellent Chris Messina 2008-10-06T02:26:20 http://comments.gmane.org/gmane.comp.web.openid.general/8384 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Snorri 2008-10-04T08:59:53 http://comments.gmane.org/gmane.comp.web.openid.general/8383 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Snorri 2008-09-30T13:44:26 http://comments.gmane.org/gmane.comp.web.openid.general/8370 Anyone read Japanese and want to translate this press release please? http://www.nec.co.jp/press/ja/0809/2901.html Thanks, --David David Recordon 2008-09-29T16:25:50 http://comments.gmane.org/gmane.comp.web.openid.general/8362 I was writing a dialogue earlier today mapping out the conceptual and logical flow of OpenID, and in one of the paragraphs at the end (after the dialogue concluded), I praised OpenID (for *not* requiring users to enter their password at the Relying Parties' sites) and criticized 'integration' technologies that *do* ask for the user's password to different accounts but, in the process, teach the user to be phished. Reviewing this a few minutes ago, I realized that OpenID really does look a lot like phishing: Phishing: the user sees a site that looks exactly like their regular login screen, but this isn't their login site. OpenID: the user sees a site that looks exactly like their regular login screen, because it IS their login site. I don't think this is anything new, I've seen creative solutions implemented already (secret images served only to 'known' users, for instance), but I haven't seen it stated this way before, so it may be worth noting. Is there a spot at the openid.net wiki for such SitG Admin 2008-09-28T07:32:31 http://comments.gmane.org/gmane.comp.web.openid.general/8299 https://spaces.internet2.edu/display/SHIB2/Shibboleth+2.2+Roadmap Some leading lights in the US academic community are essentially claiming that certain Java OpenID2 libraries are essentially unusable - to the point where they can only be entirely re-written. Until they are rewritten (which will never happen), no Internet2 funds will be aimed at OpenID2.Its hard to know if the libraries referred to are the XRI libraries or IDP or SP, or AX, or what? Anyone have any news on the results of the UK OpenID project, from the University of Kent. It should have terminated by now, though it was targetted at OpenID1. (Why anyone would fund university level research into OpenID1 is a mystery to me, unless the initiative is a foil.) Peter Williams 2008-09-23T15:47:29 http://comments.gmane.org/gmane.comp.web.openid.general/8297 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Eric Sachs 2008-09-22T22:20:38 http://comments.gmane.org/gmane.comp.web.openid.general/8295 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general hulixin 2008-09-22T07:20:19 http://comments.gmane.org/gmane.comp.web.openid.general/8285 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Peter Williams 2008-09-19T13:55:17 http://comments.gmane.org/gmane.comp.web.openid.general/8261 Q: Who gets to vote on OpenID Foundation matters, e.g. who gets to set on community board seats? (such a mine) A: You need to be OpenID Foundation member in good standing. That means you need to have signed up here: https://openid.net/foundation/members/registration That does cost you some money; the theory is that this will get those people to vote that care and leave out those that don't. Hopefully the membership and election committees ( http://wiki.openid.net/OpenID_Foundation/Committees ) will soon have defined a plan how we are going to go about the elections. If you have any comments, please bug your favorite board member. As a board we better be responsive to the community ... ;-) Cheers, Johannes. Johannes Ernst NetMesh Inc. http://netmesh.info/jernst _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Johannes Ernst 2008-09-17T23:50:55 http://comments.gmane.org/gmane.comp.web.openid.general/8235 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general hulixin 2008-09-17T06:31:57 http://comments.gmane.org/gmane.comp.web.openid.general/8232 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general hulixin 2008-09-17T04:05:19 http://comments.gmane.org/gmane.comp.web.openid.general/8212 I'm trying to imagine a world without identity, and what my mind would do trying to wrap itself around the concept of someone trying to sell me the idea of identity. I don't mean lacking the ability to distinguish ourselves from other entities as separate individuals, I mean the idea of knowing who other people *are*. To relate this to OpenID, let's step back a moment from the idea of accounts *at all* - think of the internet as just one giant bulletin board, where anyone can leave notes anywhere. I see a note, and it's "signed" "Bob". Of course, the "signature" is just part of the note, anyone could forge it; but that doesn't matter, until I see *another* note, maybe on the same "section" (site) of the board, maybe somewhere else; this, too, is "signed" "Bob". Is it the SAME "Bob"? Nobody knows! Certainly, it would be very foolish of us to go assuming such things, since everyone has the same power to post notes "signed" "Bob". Indeed, the only thing that can be assumed from such a "signature" SitG Admin 2008-09-16T21:55:31 http://comments.gmane.org/gmane.comp.web.openid.general/8177 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Andrew Arnott 2008-09-15T23:45:24 http://comments.gmane.org/gmane.comp.web.openid.general/8174 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general hulixin 2008-09-09T01:48:47 http://comments.gmane.org/gmane.comp.web.openid.general/8159 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Andrew Arnott 2008-09-07T01:43:56 http://comments.gmane.org/gmane.comp.web.openid.general/8155 I'm typing in the addresses by hand and got mixed up when I replied to Kevin's message, forget to switch back to "specs< at >openid.net" after that :( -Shade SitG Admin 2008-09-05T20:47:31 http://comments.gmane.org/gmane.comp.web.openid.general/8150 I realize and buy the arguments that http and https claimed ids should represent separate identities. I am having some difficulty with various OPs in the wild and their differences. We want our RP to only accept secure identifiers: User supplied identifiers, claimed identifiers, and OP endpoints. Is there a recommended practice for when an OP can serve up a secure claimed identifer vs an insecure (https vs http)? I am encountering varying behavior. We would like to vet and white list acceptable OPs. Take myvidoop for example. If the user supplied identifier is https://whatever.myvidoop.com then we resolve an https claimed id. However, if the user enters the OP identifer https://myvidoop.com (secure), myvidoop returns an insecure (http) identifier. The protocol started out secure and subsequently downgraded. This seems unacceptable to me and confusing to the consumer. There seems to be wide latitude in how to represent the OP identifier when asking the OP to choose an identifier for the user. Ya Joe Tele 2008-09-05T19:45:58 http://comments.gmane.org/gmane.comp.web.openid.general/8105 _______________________________________________ general mailing list general< at >openid.net http://openid.net/mailman/listinfo/general Joe Tele 2008-09-03T07:04:14 http://comments.gmane.org/gmane.comp.web.openid.general/8102 The OpenID Foundation Board chartered a Customer Research Committee last Thursday. Its purpose is to reach out to actual and potential adopters of OpenID, and learn from them basically what worked and what did not for them, and what the OpenID community needs to do in order: - to get even broader adoption of OpenID by more parties, in particular sites accepting OpenIDs - to make existing OpenID deployments more successful (e.g. in getting OpenID transaction volume up) If you have well-supported views on the subject, or like to volunteer some of your time for this purpose, please get in touch with me as soon as possible. Once we have them, it is our intention to make the results of this initial activity available to the members of the OpenID foundation. (See, another reason to join the foundation now!) Thanks, Johannes Ernst NetMesh Inc. Chair, OpenID Foundation Customer Research Committee http://netmesh.info/jernst _______________________________________________ general ma Johannes Ernst 2008-09-02T22:27:46 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.web.openid.general