[OpenID] The delegation story in OpenID 2.0

Johnny Bufu johnny at sxip.com
Fri Jan 19 00:43:00 UTC 2007

On 18-Jan-07, at 3:49 PM, Dmitry Shechtman wrote:

>> OpenID2 is intended to be backwards-compatible with 1.1.
> If it is in fact backwards-compatible, it shouldn't introduce new  
> tags.

This is not stated as a fact, rather as an intention as I quoted  
above. The v2.0 spec also says that "OpenID Authentication 2.0  
implementations SHOULD support OpenID Authentication 1.1  
compatibility, unless security considerations make it undesirable."

>> However, if a RP wishes to use some extra functionality that was
>> added in 2.0, it would be useful for it to determine the capability
>> of it's peer during discovery. This is the reason for the different
>> tags  for v1/v2 HTML discovery.
> Capabilities should be determined by the XRDS. I believe that was  
> its exact
> purpose.

The regular joe blogger is more likely to be willing to put two HTML  
tags on his blog page, rather than learn how to craft an XRDS  
document. Exactly because of its simplicity was the HTML discovery  
included as a fully supported discovery mechanism in OpenID 2.0.

Even if v2 were fully backwards-compatible with v1, since it does  
have extra features, and HTML discovery is not just a "compatibility  
mode" discovery method, the need arose to distinguish between the  
capabilities of the OPs at this level.

I hope this doesn't still seem like total nonsense to you.


More information about the general mailing list