Final outstanding issues with the OpenID 2.0 Authenticationspecification
Marius Scurtescu
marius at sxip.com
Fri May 18 17:47:56 UTC 2007
On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote:
> 7.3.3. HTML-Based Discovery
>
> A <LINK> tag MUST be included with attributes "rel" set to
> openid2.provider"
> and "href" set to an OP Endpoint URL
>
> A <LINK> tag MAY be included with attributes "rel" set to
> "openid2.local_id"
> and "href" set to the end user's OP-Local Identifier
>
>
> Could somebody please enlighten me as to what's wrong with leaving
> those as
> "openid.server" and "openid.delegate" respectfully (i.e.
> backward-compatible)?
The new attribute values are needed in order to signal an OpenID 2
provider.
But you bring up a good point, backwards compatibility can be easily
broken here.
In order to be backwards compatible the HTML page should have two
sets of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing
to the same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be
able to use the HTML page.
Probably the spec should say this in section 7.3.3 and give clear
instructions regarding OpenID 1.1 tags.
Marius
More information about the specs
mailing list