OpenID/OAuth hybrid - discovery

Manger, James H James.H.Manger at
Tue Nov 25 02:29:47 UTC 2008


> The fact that the OP indicates support for hybrid has nothing to do
> with directed identity, of whether or not they use the same XRDS file.

What is section "5 Discovery" for?
Is it supposed to allow an app (after finding a user's OP) to make additional requests to get the OP's metadata to see if it supports the hybrid protocol?

Learning just that an OP supports the hybrid protocol (without any indication of the associated protected resources) seems to be of minimal value.

James Manger
James.H.Manger at
Identity and security team — Chief Technology Office — Telstra

More information about the specs mailing list