[OpenID] Backwards Compatibility
Carsten Pötter
sccpffm at gmail.com
Mon Mar 16 18:48:48 UTC 2009
Oh, the mail got through. Almost forgot about it and blogged that
stuff yesterday. ;)
Well, I guess you can't force people to implement 2.1. So if there is
no compatibility with 2.0 it will be a mess, really. I am sure someday
complete backwards compatibility will be impossible but the newest
version of the spec should always be compatible with the former one.
Otherwise it will confuse users, at least currently.
I like Martin's approach. :)
Carsten
On Mon, Mar 16, 2009 at 6:23 PM, David Recordon <david at sixapart.com> wrote:
> Hey Carsten,
> I agree with you. It's time to make sure that 1.1 is clearly deprecated and
> that everyone implements 2.1 once it is completed.
>
> --David
>
> On Mar 10, 2009, at 1:28 PM, Carsten Pötter wrote:
>
>> Allen Tom mentioned the wiki page of the OpenID 2.1 spec
>> (http://wiki.openid.net/OpenID_Authentication_2_1) today. While I am
>> not a developer I was curious and had a look at it. ;) Besides
>> correcting errata "maintaining backwards compatibility with OpenID
>> Authentication 2.0 to the greatest degree possible" is an aim of the
>> spec as well. I think that's a good intention, though I'd like the
>> next spec to be clear that both RPs and OPs have to support OpenID
>> 2.0 as well.
>>
>> Compatibility to OpenID 1.1 was not required by the OpenID 2.0 spec:
>> "OpenID Authentication 2.0 implementations SHOULD support OpenID
>> Authentication 1.1 compatibility, unless security considerations make
>> it undesirable"
>> (http://openid.net/specs/openid-authentication-2_0.html#compat_mode).
>> So currently, there are two specs out there, which is confusing to a
>> lot of users. They try to log in to an RP with their Yahoo! account but
>> can't because the RP is only supporting OpenID 1.1. People give in,
>> write angry blog posts about OpenID being complicated, being just for
>> geeks,... I guess, you all know those stories.
>>
>> When it was clear that Yahoo! (and later Google as well) was only
>> supporting OpenID 2.0, I thought OpenID 1.1 implementations were
>> quickly updated. But it seems, they're not. So it was a really bad
>> idea, if there was a third spec around which didn't require
>> compatibility to OpenID 2.0. I am aware that, e.g. Yahoo! wasn't
>> supporting OpenID yet, if it had to comply with OpenID 1.1 as well (if
>> I remember correctly, of course). So maybe the wording in the OpenID
>> 2.0 spec was a compromise. I don't know, but it shouldn't happen
>> again, I think.
>>
>> I hope, this post makes sense. Also maybe this is better suited for
>> the specs list, but I'm not sure.
>>
>> Carsten