[OpenID] On OpenID 2.0
Martin Atkins
mart at degeneration.co.uk
Mon Apr 30 18:07:29 UTC 2007
Granqvist, Hans wrote:
>
> * With 2.0 RP implementations almost non-existent in the
> field after more than ten months of spec work -- is there
> even a need for 2.0?
>
> * If you have a RP: why are you waiting with implementing
> 2.0? Is 1.1 good enough? Are you waiting for the spec
> to be final? Do security concerns hold you back?
>
This is an interesting point of discussion, actually.
What does 1.1 not do that we really wish it did? Is there anything we
can cut out of 2.0? Is there some way we can adjust 2.0 so that all 1.1
implementations are valid 2.0 implementations, while still retaining the
"must haves"?
To be honest, it's been so long since I thought about the 2.0 spec that
I've forgotten what the full list of new stuff is. Off the top of my
head I can think of:
* Directed identity aka "put in the URL of your IdP, not of you."
* A formalized extension mechanism
We also have Yadis discovery and XRI, but both have successfully been
backported to 1.1.
Is there anything I've forgotten? Can we just backport those two things
to 1.1 and call it 1.2?
I'm not suggesting we throw away the 2.0 spec, but more that we consider
whether it's possible to edit it so that it's less of a drastic jump?
On the other hand, if everyone's happy with 2.0 as-is then we might as
well just go ahead and publish it as final. No-one really seems that
enthusiastic about it, though.
More information about the general
mailing list