OpenID/OAuth hybrid - discovery

Breno de Medeiros breno at
Tue Nov 25 02:31:47 UTC 2008

On Mon, Nov 24, 2008 at 6:29 PM, Manger, James H
<James.H.Manger at> wrote:
> Breno,
>> The fact that the OP indicates support for hybrid has nothing to do
>> with directed identity, of whether or not they use the same XRDS file.
> What is section "5 Discovery" for?
> Is it supposed to allow an app (after finding a user's OP) to make additional requests to get the OP's metadata to see if it supports the hybrid protocol?
> Learning just that an OP supports the hybrid protocol (without any indication of the associated protected resources) seems to be of minimal value.

Yes. However, when OAuth discovery happens (and the standardization
effort is under way) it will much more than minimal value.
Standardizing OAuth discovery is not in scope for this spec, but
standardizing hybrid support indication is.

> James Manger
> James.H.Manger at
> Identity and security team — Chief Technology Office — Telstra
> _______________________________________________
> specs mailing list
> specs at


+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)

More information about the specs mailing list