I don't think that there's a problem with the conclusion, but I have a few comments.
> For HTTP the history is a bit different but there is plenty of work for
> providing inter-domain authentication. At the time when we worked on
> the
> geolocation authorization policy it was, however, a bit too early to
> reference something.
You're closer to OpenID than I, but my reading of the specification throws doubt on its suitability for this sort of application.
Do you believe that we're any closer to getting a mechanism that could be referenced in the same fashion that we might reference something like RFC 4474?
> That's not particularly new for me though.
I'm glad you think so. It wasn't intended to be a surprise :)
> It is certainly true that you want to have both mechanisms.
Actually, I'm not sure that this is true, but there's enough uncertainty in that statement that I'm willing to continue exploring the consequences of providing both. Then we can see what works when the dust settles.
> One thing that I believe where some misunderstanding starts is that
> users are expected to hand around new URLs all the time
I'd like to challenge that assumption. The definition of "user" in this discussion probably needs greater scrutiny. I just said the same to Henning.
> (This makes me wonder what the future of
> http://tools.ietf.org/id/draft-garcia-geopriv-indirect-publish-01.txt
> is.)
I've got a separate email on that coming ;)
> The conclusion is the same but the path I got there is different.
That's reassuring.
--Martin
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
