[OpenID] Backwards Compatibility

Peter Williams pwilliams at rapattoni.com
Mon Mar 16 23:41:24 UTC 2009


You mean deprecation decisions and what ought to work with what were taken without the formality of a WG?

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Nat
> Sent: Monday, March 16, 2009 3:30 PM
> To: Recordon David
> Cc: general at openid.net
> Subject: Re: [OpenID] Backwards Compatibility
>
> Is there any plan of AuthN 2.1 WG? I think it should be started.
>
> =nat at TOKYO via iPhone
>
> On 2009/03/17, at 2:23, David Recordon <david at sixapart.com> wrote:
>
> > Hey Carsten,
> > I agree with you.  It's time to make sure that 1.1 is clearly
> > deprecated and that everyone implements 2.1 once it is completed.
> >
> > --David
> >
> > On Mar 10, 2009, at 1:28 PM, Carsten Pötter wrote:
> >
> >> Allen Tom mentioned the wiki page of the OpenID 2.1 spec
> >> (http://wiki.openid.net/OpenID_Authentication_2_1) today. While I am
> >> not a developer I was curious and had a look at it. ;) Besides
> >> correcting errata "maintaining backwards compatibility with OpenID
> >> Authentication 2.0 to the greatest degree possible" is an aim of the
> >> spec as well. I think that's a good intention, though I'd like the
> >> next spec to be clear that both RP's and OP's have to support OpenID
> >> 2.0 as well.
> >>
> >> Compatibility to OpenID 1.1 was not required by the OpenID 2.0 spec:
> >> "OpenID Authentication 2.0 implementations SHOULD support OpenID
> >> Authentication 1.1 compatibility, unless security considerations make
> >> it undesirable"
> >> (http://openid.net/specs/openid-authentication-2_0.html#compat_mode).
> >> So currently, there are two specs out there, which is confusing to a
> >> lot of users. They try to log in to a RP with their Yahoo! account but
> >> can't because the RP is only supporting OpenID 1.1. People give in,
> >> write angry blog posts about OpenID being complicated, being just for
> >> geeks,... I guess, you all know those stories.
> >>
> >> When it was clear that Yahoo! (and later Google as well) was only
> >> supporting OpenID 2.0, I thought OpenID 1.1 implementations were
> >> quickly updated. But it seems, they're not. So it was a really bad
> >> idea, if there was a third spec around which didn't require
> >> compatibility to OpenID 2.0. I am aware that, e.g. Yahoo! wasn't
> >> supporting OpenID yet, if it had to comply with OpenID 1.1 as well
> >> (if I remember correctly, of course). So maybe the wording in the OpenID
> >> 2.0 spec was a compromise. I don't know, but it shouldn't happen
> >> again, I think.
> >>
> >> I hope, this post makes sense. Also maybe this is better suited for
> >> the specs list, but I'm not sure.
> >>
> >> Carsten
> >> _______________________________________________
> >> general mailing list
> >> general at openid.net
> >> http://openid.net/mailman/listinfo/general
