Service Key Discovery 1.0
Johnny Bufu
johnny at sxip.com
Tue Jan 22 20:39:03 UTC 2008
On 22-Jan-08, at 7:44 AM, Eran Hammer-Lahav wrote:
> At some point, we have to draw a line between the "simple" and
> "enhanced" solutions. There is baggage around XRI-related
> technologies, but it doesn't make sense to keep inventing new
> things just because people refuse to give it a chance.
>
> OpenID provides a simple way using HTTP requests. But once your
> needs are more complex than what 2.0 offers, looking at existing
> technologies is a better idea than keep inventing new ways of
> conducting business over HTTP parameters. Eventually, we are going
> to reach insanely long URIs with all those extensions. I question
> whether PKI information belongs in OpenID redirections.
One of the fixes/improvements in 2.0 was to make the POST redirects a
requirement, so that, albeit messages are still URL-encoded, the
potentially big data payloads live only in the POST DATA, and not in
the actual URLs that the browsers see.
Notably, however, blogger.com did not support POSTs at all (as of a
few weeks ago when I tested), so I'm not sure how effective this fix
will prove.
This is not to say I don't agree with your general point that
existing tools and technology should be used whenever that makes more
sense.
Johnny
More information about the specs
mailing list