[PROPOSAL] bare response / bare request
Recordon, David
drecordon at verisign.com
Thu Oct 19 12:40:52 UTC 2006
Hi Chris,
It seems Dick marked it as deprecated when he made a new proposal
(http://openid.net/pipermail/specs/2006-October/000430.html).
I'd love to see the OpenIDHTTPAuth proposal standardized. I think it
would enable a lot of interesting things. Want to lead that with Mart?
I'm happy to help you guys get it in the XML format and up on the
website.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Chris Drake
Sent: Tuesday, October 17, 2006 2:50 PM
To: specs at openid.net
Subject: [PROPOSAL] bare response / bare request
Hi,
Why's this proposal "depreciated" ?
( http://www.lifewiki.net/openid/OpenIDProposals )
I'm casting my vote here:
+1 to [PROPOSAL] bare response / bare request
Besides the listed uses, it also allows IdPs to layer privacy and
delegation easily on top of OpenID, as well as permitting cool future
features (like letting a user change something at their IdP, and have
that change be "pushed out" to all relevant RPs).
This is a small and simple to implement "hook" which I believe will be
the dominating bit of OpenID protocol use in future.
Alternatively - if we can standardize a way for the OpenIDHTTPAuth
proposed extension to discover the RP's OpenID "entry point" [so as to
reliably eliminate the "optional" first step proposed here
http://www.lifewiki.net/openid/OpenIDHTTPAuth ] - this is a good working
alterative way to accommodate the "bare response" part that we need.
So...
+1 to OpenIDHTTPAuth - on the proviso RP's publish an endpoint URL
that's somehow available to scripts, plugins,
software agents that encounter OpenID login
pages.
Suggestion: (for OpenID-enabled login pages):-
<link rel="openid.httpauth" href="http://my.rp.com/openid/blah.cgi">
Kind Regards,
Chris Drake
Saturday, October 7, 2006, 9:52:36 AM, you wrote:
KT> On Fri, 2006-10-06 at 16:34 -0700, Drummond Reed wrote:
>> Let me play the dumb customer here and say:
>>
>> * A whole lot of real-world users would love OpenID-enabled
bookmarks.
>> * A whole lot of websites would love to offer them.
>> * A whole lot of IdPs would love to provide them.
KT> Okay Customer, if both websites and IdPs would love it, is it okay
KT> if it's something that websites + IdPs can layer on top of the core?
KT> If some sites chose not to, and the IdP said "login bookmark not
KT> available for this site", would that be okay?
KT> _______________________________________________
KT> specs mailing list
KT> specs at openid.net
KT> http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list