JanRain’s own Josh Hoyt announced to the OpenID mailing list draft 12 of the OpenID Authentication 2.0 specification.
“It’s been a long time since the previous draft, and it’s past time that we get the work that has been done out, so that users and developers can benefit from OpenID 2.0.
In the next month, we’d like to see implementers update their libraries or applications to be draft 12 compliant and perform interoperability testing. Once this period is over (October 1st), we should call the specification final, pending final IPR clearance from contributors. If we have IPR clearance by that point, we can call the spec final on October 1st.
In the past, we’ve had timelines proposed and slipped. I don’t think there’s any reason for that to happen in this case, and I hope that the community will hold the editors accountable.
Let’s get this done!”
Major changes to the OpenID authentication specification, draft 11 to draft 12:
* Specify handling of URL fragments
* Realm verification using XRDS discovery
* Don’t allow unencrypted secret exchange unless operating with transport layer encryption
If you have any questions or comments feel free to post to the mailing list or check out the OpenID channel on Pibb!