OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)

Johannes Ernst jernst+openid.net at netmesh.us
Mon Nov 13 18:48:31 UTC 2006 

Well, as I've said before, I strongly believe that tying  
authentication to one particular HTTP verb is a bad idea, and  
unnecessary.

I also believe that involving JavaScript in what is fundamentally an  
HTTP-level kind of protocol is a hack. It very likely is either  
unnecessary or points to a flaw in the conceptual model of the  
protocol, or both.

The same may be true about having different protocols for thin-client  
and rich-client.

Having said that, I am not making this point more strongly than I  
have because I don't think these issues are fatal and I don't want to  
raise more issues that delay OpenID 2.0 auth further. So I will log  
this as a bug against auth 2.0 as soon as it is published (and as  
soon as there is a place where to file bugs against the spec ;-)) but  
will bite my tongue in the meantime.


On Nov 12, 2006, at 20:29, Dick Hardt wrote:

>
> On 12-Nov-06, at 8:19 PM, Adam Nelson wrote:
>
>> Hi Dick:
>>
>>> I think REST support is a really useful feature, and have described
>>> how that might happen in the past, but right now we are pretty
>>> focussed on getting browser based auth finalized, and I think the
>>> mechanisms for rich clients will be related, but slightly different.
>>
>> That all makes sense, thanks.  Is that to say that rich client  
>> support
>> isn't a goal of v2.0 of the spec, or just a goal subsequent to the
>> conclusion of browser-based auth?
>
> Not a goal of OpenID Authentication 2.0
>
> I think it would make sense to make it a separate document, and would
> value your involvement!
>
> -- Dick
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs



Johannes Ernst
NetMesh Inc.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20061113/79a39aae/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20061113/79a39aae/attachment-0005.gif>
-------------- next part --------------
  http://netmesh.info/jernst

More information about the specs mailing list