[OpenID] Yahoo issue
Peter Williams
pwilliams at rapattoni.com
Wed Feb 6 19:23:29 UTC 2008
out of interest, is Yahoo "compliant" for refusing to interwork with an RP using communicating the assertion consumer URL as an ip address, or a non public domain-name?
Now that there is critcal mass of adoption, the interoperability (vs security policy focussed MAY rules) will need to keep getting documented, balancing security vs out of the box interoperability between arbitary sites.
________________________________
From: general-bounces at openid.net on behalf of Johnny Bufu
Sent: Wed 2/6/2008 10:59 AM
To: Allen Tom
Cc: general at openid.net
Subject: Re: [OpenID] Yahoo issue
On 6-Feb-08, at 10:51 AM, Allen Tom wrote:
> My understanding of Section 7.3 of the OpenID 2.0 spec is that
> Yadis discovery must be supported, and that RPs must implement
> Yadis discovery before defaulting to HTML discovery.
Correct: mandatory for RPs, optional for OPs.
> Shane B Weeden wrote:
>> That is probably just a sign that the site doesn't support XRDS
>> discovery, and after all this is an optional part of the RP spec.
>> Plenty of RP implementations don't, particularly 1.1 RP's.
1.x RPs not supporting Yadis discovery are okay, since Yadis is not
specified in 1.x.
2.0 RPs not supporting Yadis are not compliant.
Johnny
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list