Went Through it With Brad

Josh Hoyt josh at janrain.com
Tue Nov 14 00:15:12 UTC 2006


On 11/8/06, Recordon, David <drecordon at verisign.com> wrote:
> 2) 7.3.3 basically deprecates HTML-based discovery, saying that it is a
> way to know that the IdP is using Auth 1.1.  While I know we believe
> Yadis will be used in most applications, I hypothesize that the
> simplicity of HTML-based discovery will have it continue to prevail.  I
> thus would propose we remove the sentence saying that this is a way to
> know that an IdP is running version 1.1.

Yeah, it does. The justification for this is that there is no way to
specify a version for the server, so we have to assume something, and
since HTML discovery already used in 1.1, that's the only reasonable
assumption to make. I see two ways out of this:

1. Add another "rel" value to the HTML discovery for OpenID 2:
  <link rel="openid.server openid2.server" href="...">

2. Add some way of doing discovery on the endpoint URL for determining
the version, so it doesn't have to be part of the user's XRDS or HTML
document

Either one of these would let us keep the nice, simple HTML discovery
mechanism for 2.0.

Thoughts or ideas?

Josh



More information about the specs mailing list