[OpenID] Backwards Compatibility

Nat sakimura at gmail.com
Mon Mar 16 22:29:44 UTC 2009 

Is there any plan of AuhtN 2.1 WG? I think it should be started.

=nat at TOKYO via iPhone

On 2009/03/17, at 2:23, David Recordon <david at sixapart.com> wrote:

> Hey Carsten,
> I agree with you.  It's time to make sure that 1.1 is clearly  
> deprecated and that everyone implements 2.1 once it is completed.
>
> --David
>
> On Mar 10, 2009, at 1:28 PM, Carsten Pötter wrote:
>
>> Allen Tom mentioned the wiki page of the OpenID 2.1 spec
>> (http://wiki.openid.net/OpenID_Authentication_2_1) today. While I am
>> not a developer I was curious and had a look at it. ;) Besides
>> correcting errata "maintaining backwards compatibility with OpenID
>> Authentication 2.0 to the greatest degree possible" is an aim of the
>> spec as well. I think that's a good intention, though I'd like the
>> next spec to be clear that both RP's and OP's have to support OpenID
>> 2.0 as well.
>>
>> Compatibility to OpenID 1.1 was not required by the OpenID 2.0 spec:
>> "OpenID Authentication 2.0 implementations SHOULD support OpenID
>> Authentication 1.1 compatibility, unless security considerations make
>> it undesirable"
>> (http://openid.net/specs/openid-authentication-2_0.html#compat_mode).
>> So currently, there are two specs out there, which is confusing to a
>> lot of users. They try to log in to a RP with their Yahoo! account  
>> but
>> can't because the RP is only supporting OpenID 1.1. People give in,
>> write angry blog posts about OpenID being complicated, being just for
>> geeks,... I guess, you all know those stories.
>>
>> When it was clear that Yahoo! (and later Google as well) was only
>> supporting OpenID 2.0, I thought OpenID 1.1 implementations were
>> quickly updated. But it seems, they're not. So it was a really bad
>> idea, if there was a third spec around which didn't require
>> compatibility to OpenID 2.0. I am aware that, e.g. Yahoo! wasn't
>> supporting OpenID yet, if it had to comply with OpenID 1.1 as well  
>> (if
>> I remember correctly, of course). So maybe the wording in the OpenID
>> 2.0 spec was a compromise. I don't know, but it shouldn't happen
>> again, I think.
>>
>> I hope, this post makes sense. Also maybe this is better suited for
>> the specs list, but I'm not sure.
>>
>> Carsten
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list