[OpenID] Backwards Compatibility

David Recordon david at sixapart.com
Mon Mar 16 17:23:39 UTC 2009 

Hey Carsten,
I agree with you.  It's time to make sure that 1.1 is clearly  
deprecated and that everyone implements 2.1 once it is completed.

--David

On Mar 10, 2009, at 1:28 PM, Carsten Pötter wrote:

> Allen Tom mentioned the wiki page of the OpenID 2.1 spec
> (http://wiki.openid.net/OpenID_Authentication_2_1) today. While I am
> not a developer I was curious and had a look at it. ;) Besides
> correcting errata "maintaining backwards compatibility with OpenID
> Authentication 2.0 to the greatest degree possible" is an aim of the
> spec as well. I think that's a good intention, though I'd like the
> next spec to be clear that both RP's and OP's have to support OpenID
> 2.0 as well.
>
> Compatibility to OpenID 1.1 was not required by the OpenID 2.0 spec:
> "OpenID Authentication 2.0 implementations SHOULD support OpenID
> Authentication 1.1 compatibility, unless security considerations make
> it undesirable"
> (http://openid.net/specs/openid-authentication-2_0.html#compat_mode).
> So currently, there are two specs out there, which is confusing to a
> lot of users. They try to log in to a RP with their Yahoo! account but
> can't because the RP is only supporting OpenID 1.1. People give in,
> write angry blog posts about OpenID being complicated, being just for
> geeks,... I guess, you all know those stories.
>
> When it was clear that Yahoo! (and later Google as well) was only
> supporting OpenID 2.0, I thought OpenID 1.1 implementations were
> quickly updated. But it seems, they're not. So it was a really bad
> idea, if there was a third spec around which didn't require
> compatibility to OpenID 2.0. I am aware that, e.g. Yahoo! wasn't
> supporting OpenID yet, if it had to comply with OpenID 1.1 as well (if
> I remember correctly, of course). So maybe the wording in the OpenID
> 2.0 spec was a compromise. I don't know, but it shouldn't happen
> again, I think.
>
> I hope, this post makes sense. Also maybe this is better suited for
> the specs list, but I'm not sure.
>
> Carsten
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list