OpenID/OAuth hybrid - discovery
Breno de Medeiros
breno at google.com
Tue Nov 25 02:31:47 UTC 2008
On Mon, Nov 24, 2008 at 6:29 PM, Manger, James H
<James.H.Manger at team.telstra.com> wrote:
>> The fact that the OP indicates support for hybrid has nothing to do
>> with directed identity, of whether or not they use the same XRDS file.
> What is section "5 Discovery" for?
> Is it supposed to allow an app (after finding a user's OP) to make additional requests to get the OP's metadata to see if it supports the hybrid protocol?
> Learning just that an OP supports the hybrid protocol (without any indication of the associated protected resources) seems to be of minimal value.
Yes. However, when OAuth discovery happens (and the standardization
effort is under way) it will much more than minimal value.
Standardizing OAuth discovery is not in scope for this spec, but
standardizing hybrid support indication is.
> James Manger
> James.H.Manger at team.telstra.com
> Identity and security team — Chief Technology Office — Telstra
> specs mailing list
> specs at openid.net
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
More information about the specs