[OpenID] The delegation story in OpenID 2.0
Johnny Bufu
johnny at sxip.com
Fri Jan 19 00:43:00 UTC 2007
On 18-Jan-07, at 3:49 PM, Dmitry Shechtman wrote:
>> OpenID2 is intended to be backwards-compatible with 1.1.
>
> If it is in fact backwards-compatible, it shouldn't introduce new
> tags.
This is not stated as a fact, rather as an intention as I quoted
above. The v2.0 spec also says that "OpenID Authentication 2.0
implementations SHOULD support OpenID Authentication 1.1
compatibility, unless security considerations make it undesirable."
>> However, if a RP wishes to use some extra functionality that was
>> added in 2.0, it would be useful for it to determine the capability
>> of it's peer during discovery. This is the reason for the different
>> tags for v1/v2 HTML discovery.
>
> Capabilities should be determined by the XRDS. I believe that was
> its exact
> purpose.
The regular joe blogger is more likely to be willing to put two HTML
tags on his blog page, rather than learn how to craft an XRDS
document. Exactly because of its simplicity was the HTML discovery
included as a fully supported discovery mechanism in OpenID 2.0.
Even if v2 were fully backwards-compatible with v1, since it does
have extra features, and HTML discovery is not just a "compatibility
mode" discovery method, the need arose to distinguish between the
capabilities of the OPs at this level.
I hope this doesn't still seem like total nonsense to you.
Johnny
More information about the general
mailing list