Final outstanding issues with the OpenID 2.0 Authentication specification
Martin Atkins
mart at degeneration.co.uk
Sun Jun 3 18:58:25 UTC 2007
Claus Färber wrote:
> Marius Scurtescu wrote:
>> The new attribute values are needed in order to signal an OpenID 2
>> provider.
>
> Why is this necessary? Is OpenID 2 incompatible? In other words, what
> happens if an OpenID 2 Relying Party tries to talk to an OpenID 1.x
> Provider?
>
> If the OpenID 1.x Provider just ignores additional message fields (i.e.
> treats them like an unknown extension), then no new rel values are
> needed. If this is not the case, maybe the OID 2 spec can be changed to
> make it possible.
>
One incompatibility that springs to mind is that it is permissible to
talk to a 2.0 OP via a POST request with the arguments in the entity
body, while a 1.1 will likely barf on this since 1.1 only allowed for
GET requests with the arguments in the query string.
A 2.0 RP that uses a GET request and uses extension prefixes that match
the ad-hoc field names used for the 1.1 extensions could, in theory,
talk to a 1.1 OP without any problems. That is, unless I've missed
something. :)
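
The compatibility rule discussed in the message above, as an added example that is not part of the original post or of any OpenID library: a Relying Party request builder that uses POST only for a 2.0 OP and falls back to GET with the fixed 1.1 field prefix otherwise. The function name, the `op.example` and `user.example` URLs and the `sr` alias are assumptions, and leaving the namespace declarations out for a 1.1 OP is a choice made for this sketch.

```python
from urllib.parse import urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
SREG_URI = "http://openid.net/extensions/sreg/1.1"
# Ad-hoc field prefixes that 1.1-era extensions used (no namespace declaration).
LEGACY_PREFIX = {SREG_URI: "sreg"}


def build_auth_request(endpoint, op_is_v2, fields, extensions, prefer_post=False):
    """Return (method, url, body) for an authentication request.

    fields:     core arguments without the "openid." prefix
    extensions: {namespace_uri: (alias, {key: value})}
    """
    params = {"openid." + k: v for k, v in fields.items()}
    if op_is_v2:
        params["openid.ns"] = OPENID2_NS
    for uri, (alias, ext_fields) in extensions.items():
        if op_is_v2:
            params["openid.ns." + alias] = uri
        else:
            # A 1.1 OP only recognises the fixed ad-hoc prefix; skip
            # extensions that never had one.
            alias = LEGACY_PREFIX.get(uri)
            if alias is None:
                continue
        for key, value in ext_fields.items():
            params["openid.%s.%s" % (alias, key)] = value

    encoded = urlencode(params)
    if op_is_v2 and prefer_post:
        # Only a 2.0 OP accepts arguments in a POST entity body.
        return "POST", endpoint, encoded
    # 1.1 OPs expect GET with arguments in the query string.
    sep = "&" if "?" in endpoint else "?"
    return "GET", endpoint + sep + encoded, None


if __name__ == "__main__":
    # Constructed sample values.
    core = {"mode": "checkid_setup", "identity": "https://user.example/"}
    ext = {SREG_URI: ("sr", {"required": "email"})}
    print(build_auth_request("https://op.example/server", False, core, ext, True))
    print(build_auth_request("https://op.example/server", True, core, ext, True))
```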