[OpenID] HTML-Based Discovery incompatibilities
John Bradley
john.bradley at wingaa.com
Thu Jan 8 21:18:42 UTC 2009
Eran,
RP's are free to decide what openID's they accept.
My concern is getting them to adopt the new XRD discovery.
I think that user adoption and security concerns will eventually weed
out the older and less secure discovery options.
Some RP's may want to continue supporting rel links forever, however
new features available thorough XRD will not be available via that
method. I think it will naturally fall out of use.
I imagine that RPs will start ignoring insecure discovery. As you
say there is nothing like a conformance test for openID.
I just don't see it being officially deprecated in the near future.
We will have to live with rel, Yadis and XRD discovery in the spec for
some time.
=jbradley
On 8-Jan-09, at 5:54 PM, Eran Hammer-Lahav wrote:
>
> On 1/8/09 12:45 PM, "John Bradley" <john.bradley at wingaa.com> wrote:
>
>> I however don't see a move to deprecate the rel tags being
>> acceptable to the
>> community at this point.
>
> I would argue that the community that matters, i.e. end users, could
> not
> care less. It is dependency on features like this one that make
> OpenID less
> secure, harder to implement, less interoperable, and look ultra geeky.
>
> If I will have any influence on future RP adoption, I will do my
> best to
> make them ignore HTML discovery completely. After all, in OpenID, it
> doesn't
> seem to matter what the spec says anyway (unfortunately).
>
> EHL
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090108/548e276b/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090108/548e276b/attachment-0002.bin>
More information about the general
mailing list