I just had a good talk w Brian about client id prefix and alternative trust mechanisms. Brian pointed out that what I sad at the mic may have been perceived as being in opposition to the client id prefix. This is not the case at all.
What I should have said at the mic is that I am hoping for for alternative trust mechanisms to have a clean "hook" into the base spec. Of course the web pki should be one (maybe even the default) trust mechanism, just not to exclude all alternatives.
I am personally in favor of your proposal now that Brian was able to explain the intent, and I think it would be very useful for the openid fed spec (specifically) to consider refactor to reference a spec like this provided we have a way to use our trust mechanism.
I'd be happy to talk offline about ways I could help. Cheers Leif _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
