Final outstanding issues with the OpenID 2.0Authenticationspecification

Recordon, David drecordon at verisign.com
Fri May 18 18:09:13 UTC 2007


Hey Marius,
Good point, committed a patch so please review! :)
http://openid.net/svn/diff.php?repname=specifications&path=%2Fauthentica
tion%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=325&sc=1

Thanks,
--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Marius Scurtescu
Sent: Friday, May 18, 2007 10:48 AM
To: Dmitry Shechtman
Cc: 'OpenID specs list'
Subject: Re: Final outstanding issues with the OpenID
2.0Authenticationspecification

On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote:

> 7.3.3. HTML-Based Discovery
>
> A <LINK> tag MUST be included with attributes "rel" set to 
> openid2.provider"
> and "href" set to an OP Endpoint URL
>
> A <LINK> tag MAY be included with attributes "rel" set to 
> "openid2.local_id"
> and "href" set to the end user's OP-Local Identifier
>
>
> Could somebody please enlighten me as to what's wrong with leaving 
> those as "openid.server" and "openid.delegate" respectfully (i.e.
> backward-compatible)?

The new attribute values are needed in order to signal an OpenID 2
provider.

But you bring up a good point, backwards compatibility can be easily
broken here.

In order to be backwards compatible the HTML page should have two sets
of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing to the
same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be able to use
the HTML page.

Probably the spec should say this in section 7.3.3 and give clear
instructions regarding OpenID 1.1 tags.

Marius

_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs



More information about the specs mailing list