DRAFT 11 -> FINAL?

Josh Hoyt josh at janrain.com
Wed Jan 31 01:49:59 UTC 2007


On 1/30/07, Recordon, David <drecordon at verisign.com> wrote:
> Yeah, I'm not a big fan of openid2.* though it was the simplest method
> of fixing up HTML discovery to work with multiple protocol versions.  I
> know Josh thought about this more than I did though.

1. Before authentication is initiated, the RP needs to determine what
the protocol is. This could be done via discovery on the OP, but there
has been general rejection of adding yet another discovery step.

2. A user may have one service that provides OpenID 1 and another that
provides OpenID 2. If this is the case, then the version information
needs to be bound to the link tag that contains the information.

Given (1), the information needs to be embedded in the HTML markup.
Given (2), the information needs to be tied to the specific link tag.

For example:

  <link rel="openid.server" href="http://op.example.com/openid1">
  <link rel="openid2.provider" href="http://op.example.com/openid2">

vs.

  <link rel="openid.server" href="http://op.example.com/openid1">
  <link rel="openid.provider" href="http://op.example.com/openid2">
  <link rel="openid.protocol_version" href="http://specs.openid.net/auth/2.0">

While it is true that since the link relationship names changed, the
"openid2" is technically redundant, I think it is much clearer to
everybody what is going on if the link relationship contains the
version number. If the protocol version were to keep changing, I'd
argue for a different solution.

Josh
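
An added example, not part of the original message and not taken from any OpenID library: a minimal RP-side HTML discovery routine for the first markup above, where the protocol version is read from each link tag's own rel value and so stays bound to that endpoint. The version labels, the sample page and the "newest first" selection policy are assumptions made for illustration.

```python
from html.parser import HTMLParser

# rel token -> protocol version, per the first markup in the message.
REL_VERSION = {"openid.server": "OpenID 1", "openid2.provider": "OpenID 2"}
# Assumed RP policy (not from the message): try the newest protocol first.
PREFERENCE = ["OpenID 2", "OpenID 1"]

# Constructed sample page, using the message's example URLs.
SAMPLE = """<html><head>
<link rel="openid.server" href="http://op.example.com/openid1">
<link rel="openid2.provider" href="http://op.example.com/openid2">
<link rel="stylesheet" href="/style.css">
</head><body></body></html>"""


class LinkCollector(HTMLParser):
    """Collect (rel token, href) pairs from <link> tags in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        href = attr.get("href")
        # rel is a space-separated token list; match tokens case-insensitively.
        for rel in (attr.get("rel") or "").lower().split():
            if href:
                self.links.append((rel, href))


def discover(html):
    """Return [(version, endpoint)], the version read from the rel itself."""
    parser = LinkCollector()
    parser.feed(html)
    return [(REL_VERSION[r], h) for r, h in parser.links if r in REL_VERSION]


def choose(html, supported):
    """Pick the most preferred endpoint whose version the RP supports."""
    found = discover(html)
    for version in PREFERENCE:
        for v, endpoint in found:
            if v == version and v in supported:
                return v, endpoint
    return None  # nothing usable: do not guess a version


if __name__ == "__main__":
    print(choose(SAMPLE, {"OpenID 1", "OpenID 2"}))
```
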