[OpenID] Using HTTPS Openid Providers
Martin Atkins
mart at degeneration.co.uk
Sat Jun 16 10:17:45 UTC 2007
Peter Williams wrote:
> I don't like the use case reasoning as it appears to constrain the
> technical standard and the normative compliance agreements : it assumes
> OpenID will only ever be used in display-centric RPs. That is: ajax
> calls and flash iframes collecting xsl/xml resources are not allowed, if
> one goes down this track.
>
> I know, I know; social networking, wikis, blogs, and web2.0 are the
> roots of OpenID, where all the world is a browser. But, the movement is
> obviously professionalizing in OpenID2.0 beyond those (professional)
> application areas. Surely I can used the OPenID Protocol to get access
> granted to an RP that only delivers XML?
>
I'm not really seeing how this relates to the message you replied to,
but there are proposals[1][2][3][4][5] defining alternative versions of
various parts of the OpenID protocol that work outside of the
interactive web browser context.
There hasn't really been much interest in them so far, though, because
most people are focused on the current common case, which is webapps.
[1] Token Exchange Extension, demoed at IIW2007. (Is this available
somewhere?)
[2] http://openid.net/wiki/index.php/REST/SOAP/HTTP_Bindings
[3] http://openid.net/wiki/index.php/OpenID_Exchange_1.0
[4] http://openid.net/wiki/index.php/OpenID_HTTP_Authentication
[5] http://openid.net/wiki/index.php/Signature_Request_Protocol
More information about the general
mailing list