Difference between 1.0 and 1.1

James Henstridge james at jamesh.id.au
Wed Mar 12 15:14:17 UTC 2008


On 12/03/2008, techtonik <techtonik at php.net> wrote:
> So, if I understand correctly there is no way for consumer to detect which
> version - 1.0 or 1.1 is used in HTML delegation case, because delegation
> tags are the same, i.e.
>
>
> <link rel="openid.server"
> href="http://www.livejournal.com/openid/server.bml">
> <link rel="openid.delegate"
> href="http://exampleuser.livejournal.com/"> so in my case
> Drupal consumer decides that either 1.0 or 1.1 version of specification is
> used and makes a request to OpenID server with openid.ns set to either
> "http://openid.net/signon/1.1" or "http://openid.net/signon/1.0". But 1.1
> OpenID server doesn't know anything about openid.ns, because it was added
> only in 2.0  Therefore server fails to authenticate and this should be
> considered a bug in consumer, which should not send openid.ns at all. If
> everything above is right then where is the logic and what are the reasons
> for consumer to send openid.ns="http://openid.net/signon/1.1" at all?

OpenID 1.x messages do not contain an openid.ns field.  That field was
introduced in OpenID 2.0, and states that "All messages in OpenID
Authentication 1.1 omit the "openid.ns" parameter".

If you are sending requests with openid.ns set to anything other than
"http://specs.openid.net/auth/2.0" you are going to run into trouble.

James.



More information about the specs mailing list