[OpenID] Yahoo! supporting OpenID 2.0 but not 1.1

André Luís andreluis.pt at gmail.com
Thu Jan 17 11:37:13 PST 2008

In  http://openid.net/specs/openid-authentication-2_0.html#compat_mode  it says:

"OpenID Authentication 2.0 implementations SHOULD support OpenID
Authentication 1.1 compatibility, unless security considerations make
it undesirable."

Now, try opening https://open.login.yahooapis.com/openid/op/auth

it says: "Sorry! You will not be able to login to this website as it
is using an older version of the the OpenID technology. Yahoo! only
supports OpenID 2.0 because it is more secure."

Should we interpret this as a strong support for OpenID 2.0 on behalf
of Yahoo! but a strong distrust for OpenID 1.1?

What about consumers? Should we also disregard 1.1 providers for
safety reasons and encourage 2.0? This gray area will probably
generate some confusion between the less tech savvy users, being
denied access due to the version of the "pipes".

Just wondering what the community has to say about this issue. I was
under the impression that OpenID 2.0 providers were forced to support
OpenID 1.1, my mistake.

André Luís

More information about the general mailing list