wrap_ns=http://whatever/wrap/1.0
wrap_client_id ...
openid.ns=http://whatever/wrap/1.0
openid.client_id ...
openid.ns= http://specs.openid.net/auth/2.0
wrap.ns=http://specs.openid.net/auth/2.0
Hi
This may have come up earlier but ...
I think Wrap should have a namespace / versioning syntax.
Invariably, it will evolve, and will require version number etc. so, it seems better to me to have one from the beginning.
e.g.,wrap_ns=http://whatever/wrap/1.0
wrap_client_id ...
I would go further. Why is underscore '_' is used for the delimiter?
If we make it dot '.', it will improve the future compatibility with OpenID.
So, we could do something like:openid.ns=http://whatever/wrap/1.0openid.client_id ...
The same applies for OpenID. For an unknown reason, though OpenID has namespace so that we write:openid.ns= http://specs.openid.net/auth/2.0
the prefix "openid" is fixed. We should be able to change it like:wrap.ns=http://specs.openid.net/auth/2.0
Now, the third point.
Could we not try to harmonize the variable names between the two specs?
OpenID is in use widely, so it is kind of hard to change it,
so I would request Wrap community to come closer.
IMHO, we should try to harmonize/unite instead of fragmenting.
On 2010-02-25, at 4:11 PM, Nat Sakimura wrote:Hi
This may have come up earlier but ...
I think Wrap should have a namespace / versioning syntax.
Invariably, it will evolve, and will require version number etc. so, it seems better to me to have one from the beginning.
e.g.,wrap_ns=http://whatever/wrap/1.0
wrap_client_id ...Versioning was discussed. I don't recall the details, but it was decided it did not add value.
I would go further. Why is underscore '_' is used for the delimiter?
If we make it dot '.', it will improve the future compatibility with OpenID.Or OpenID could change to using '_' :-)
Interesting assumption. At IIW we discussed OpenID v Next that was NOT backward compatible. It would seem that there is an oppportunity to make changes to OpenID as well as OAuth WRAP.So, we could do something like:openid.ns=http://whatever/wrap/1.0openid.client_id ...
The same applies for OpenID. For an unknown reason, though OpenID has namespace so that we write:openid.ns= http://specs.openid.net/auth/2.0
the prefix "openid" is fixed. We should be able to change it like:wrap.ns=http://specs.openid.net/auth/2.0
Now, the third point.
Could we not try to harmonize the variable names between the two specs?
OpenID is in use widely, so it is kind of hard to change it,
so I would request Wrap community to come closer.WRAP followed OAuth, which has much broader adoption from what I know than OpenID
IMHO, we should try to harmonize/unite instead of fragmenting.Agreed, but perhaps the changes could happen in OpenID or a combination?
-- Dick
_______________________________________________
specs mailing list
sp...@lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs
--You received this message because you are subscribed to the Google Groups "OAuth WRAP WG" group.
To post to this group, send email to oauth-...@googlegroups.com.
To unsubscribe from this group, send email to oauth-wrap-w...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/oauth-wrap-wg?hl=en.
As long as prefixes themselves never *contain* underscores (which seems
like a reasonable constraint to me) there's no ambiguity between the
underscore used as the delimiter and underscore used to separate words
in the remainder of the name.
my ($prefix, $local_name) = split(/_/, $key, 2);
I think it's a mistake to try to design a versioning system until you
know what compatibility problem you're trying to solve.
It's possible that future versions of wrap will be compatible with the
current one but just add additional properties, in which case you can
detect the new version by noticing the new properties.
(For example, see OAuth 1.0a which is a superset of the existing
protocol so OAuth 1.0a clients can still communicate with OAuth 1.0
servers.)
If it does turn out that a backward-incompatible change is required,
then this could be achieved in other ways than an explicit version
number. For example, the SP could just use different endpoint URIs for
another version, or the prefix could be changed.
And even if there does actually need to be a version number, I'm not
convinced it needs to be something as verbose as a URI. Why not just
wrap_version=1.0 ?
Later in your message you refer to OpenID's extension mechanism, but as
an implementer of that I was dissatisfied by the fact that it requires
an implementation to scan through all of the request parameters to look
for the ones called something of the form openid.prefix.ns and then,
having determined what the prefixes mean, then go back and extract all
of the keys I'm interested in from the extension I want.
So with that said I'm not convinced that the OpenID extension mechanism
is a good source of inspiration for an extensibility or versioning
mechanism.
While I agree that WRAP and OpenID should harmonize I think it would be
better to do so by finding the best possible way to satisfy both use
cases rather than trying to shoe-horn a WRAP flow into the existing
OpenID request model, which IMHO has proven to be sub-optimal in
retrospect for a number of reasons.
Verbose namespaces and parameters have made OpenID URLs more difficult to work with than they need be.
On 2010-03-02, at 4:12 PM, Breno de Medeiros wrote:
>> Big +10000 to trying to harmonize OpenID and Oauth WRAP.
>> Allen
>>
>
> +1
> I think it's a mistake to try to design a versioning system until you know
> what compatibility problem you're trying to solve.
Having watched or participated in the evolution of various versioning
mechanisms around W3C over the years, I can only agree wholeheartedly
with this. In particular, data format standards and protocols have
quite different characteristics and sometimes versioning the two
aspects packaged together can cause pain.
cheers,
Dan