[PROPOSAL] bare response / bare request

Recordon, David drecordon at verisign.com
Thu Oct 19 12:40:52 UTC 2006


Hi Chris,
It seems Dick marked it as deprecated when he made a new proposal
(http://openid.net/pipermail/specs/2006-October/000430.html).

I'd love to see the OpenIDHTTPAuth proposal standardized.  I think it
would enable a lot of interesting things.  Want to lead that with Mart?
I'm happy to help you guys get it in the XML format and up on the
website.

--David

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Chris Drake
Sent: Tuesday, October 17, 2006 2:50 PM
To: specs at openid.net
Subject: [PROPOSAL] bare response / bare request

Hi,

Why's this proposal "depreciated" ?
( http://www.lifewiki.net/openid/OpenIDProposals )

I'm casting my vote here:

+1 to [PROPOSAL] bare response / bare request

Besides the listed uses, it also allows IdPs to layer privacy and
delegation easily on top of OpenID, as well as permitting cool future
features (like letting a user change something at their IdP, and have
that change be "pushed out" to all relevant RPs).

This is a small and simple to implement "hook" which I believe will be
the dominating bit of OpenID protocol use in future.

Alternatively - if we can standardize a way for the OpenIDHTTPAuth
proposed extension to discover the RP's OpenID "entry point" [so as to
reliably eliminate the "optional" first step proposed here
http://www.lifewiki.net/openid/OpenIDHTTPAuth ] - this is a good working
alterative way to accommodate the "bare response" part that we need.

So...

+1 to OpenIDHTTPAuth - on the proviso RP's publish an endpoint URL
                       that's somehow available to scripts, plugins,
                       software agents that encounter OpenID login
                       pages.

                       Suggestion: (for OpenID-enabled login pages):-

  <link rel="openid.httpauth" href="http://my.rp.com/openid/blah.cgi">


Kind Regards,
Chris Drake


Saturday, October 7, 2006, 9:52:36 AM, you wrote:

KT> On Fri, 2006-10-06 at 16:34 -0700, Drummond Reed wrote:
>> Let me play the dumb customer here and say:
>> 
>> * A whole lot of real-world users would love OpenID-enabled
bookmarks.
>> * A whole lot of websites would love to offer them.
>> * A whole lot of IdPs would love to provide them.

KT> Okay Customer, if both websites and IdPs would love it, is it okay 
KT> if it's something that websites + IdPs can layer on top of the core?

KT> If some sites chose not to, and the IdP said "login bookmark not 
KT> available for this site", would that be okay?


KT> _______________________________________________
KT> specs mailing list
KT> specs at openid.net
KT> http://openid.net/mailman/listinfo/specs



_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs




More information about the specs mailing list