[OpenID] OpenID Exchange
Martin Atkins
mart at degeneration.co.uk
Wed Jan 17 08:03:09 UTC 2007
John Panzer wrote:
> John Panzer wrote:
>> ...
>>
>> I can't find the reference for OpenID Exchange, though -- is there
> Sorry for the spastic email. But I do have a followup regarding the
> reference:
>
> http://openid.net/wiki/index.php/OpenID_Exchange_1.0
>> Some servers/frameworks do not allow applications access to the
>> Authorization header
> I hope there are no frameworks which block access to Authorization; but
> if there are servers, or environments, which want to lock down
> authentication/authorization, how would the server administrators react
> to a protocol which tunnels around that block? Or is this a case where
> the default setting blocks access to the header for some reason?
>
That is mainly referring to the fact that CGI scripts under Apache don't
have any access to that header. This is much the same reason why WSSE
authentication was developed.

> > [1] Of course, the weblog platform will need to implement the "Post
> > to my weblog" protocol!
>
> There is such a protocol, which currently relies on HTTP
> authentication schemes because there's nothing both open and standard
> sitting out there to use:
>
> [reference to AtomPub protocol]
>
> Perhaps this is simply a matter of filling in the gaps?

I already specced out a rough draft protocol for this here:
<http://openid.net/wiki/index.php/Post_In_My_Weblog>
(I should probably have linked to that by now. Sorry!)

You will note that I'm already borrowing quite heavily from the POST
method in the AtomPub API. :)

Of course, the only implementation of this so far is my half-finished
endpoint implementation for LiveJournal, which re-uses parts of their
AtomAPI implementation. My existing demo just used a very simple
protocol based on application/www-form-urlencoded for simplicity's sake.
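
Added example, not part of the original message and not code from OpenID, LiveJournal or AtomPub: a sketch of how a CGI script that cannot see the Authorization header can verify a WSSE UsernameToken carried in X-WSSE, which reaches the script as HTTP_X_WSSE. The account table and function names are hypothetical, and the sketch assumes the nonce is base64-decoded before hashing.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timedelta, timezone

# Constructed demo account. Apache does not export HTTP_AUTHORIZATION to
# CGI scripts, but a custom header such as X-WSSE arrives as HTTP_X_WSSE.
PASSWORDS = {"bob": "s3cret"}
_seen_nonces = set()  # replay cache; a real service would expire entries

def wsse_digest(nonce_b64, created, password):
    """PasswordDigest = Base64(SHA1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def parse_x_wsse(header):
    """Return the UsernameToken fields as a dict, or None if malformed."""
    if not header.startswith("UsernameToken "):
        return None
    fields = dict(re.findall(r'(\w+)="([^"]*)"', header))
    needed = {"Username", "PasswordDigest", "Nonce", "Created"}
    return fields if needed <= fields.keys() else None

def authenticate(environ, now, max_age=timedelta(minutes=5)):
    """Return the authenticated username from a CGI environ, else None."""
    token = parse_x_wsse(environ.get("HTTP_X_WSSE", ""))
    if token is None or token["Username"] not in PASSWORDS:
        return None
    try:
        created = datetime.strptime(token["Created"], "%Y-%m-%dT%H:%M:%SZ")
        created = created.replace(tzinfo=timezone.utc)
        expected = wsse_digest(token["Nonce"], token["Created"],
                               PASSWORDS[token["Username"]])
    except ValueError:  # bad timestamp or bad base64 in the nonce
        return None
    if abs(now - created) > max_age:  # stale or far-future token
        return None
    if not hmac.compare_digest(expected.encode(),
                               token["PasswordDigest"].encode()):
        return None
    if token["Nonce"] in _seen_nonces:  # same token presented twice
        return None
    _seen_nonces.add(token["Nonce"])
    return token["Username"]
```

The server needs the cleartext password (or an equivalent secret) to recompute the digest, and the scheme protects only the credential, not the request body, so it still belongs behind TLS.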