OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)

Dick Hardt dick at sxip.com
Fri Nov 17 06:24:19 UTC 2006 

Hi John

So that a message can be more then 2K of data.

-- Dick

On 16-Nov-06, at 10:17 PM, John Kemp wrote:

> Hi Dick,
>
> My point is that I don't think requiring JS for a reasonable user
> experience is a good idea when considering the variety of browsers  
> that
> are deployed today, and I don't understand why it's necessary.
>
> I am interested to know why one would decide to restrict the protocol
> this way. Can you perhaps illuminate the reasoning?
>
> Cheers,
>
> - John
>
> Dick Hardt wrote:
>> Hi John
>>
>> Would you provide examples of those browsers? Testing we did 2 years
>> again indicated the JS redirect worked on all the platforms we  
>> tested on.
>>
>> -- Dick
>>
>> On 16-Nov-06, at 11:35 AM, John Kemp wrote:
>>
>>> Hi,
>>>
>>> Sorry I'm just reading this, but I just wanted to put in a point  
>>> very
>>> much in favour of NOT deprecating support for HTTP redirects in  
>>> OpenID
>>> 2.0.
>>>
>>> I'll note that requiring the user to press a 'submit' button to  
>>> "push"
>>> seems like a dodgy UI strategy. So then you require JavaScript to
>>> produce a reasonable user experience.
>>>
>>> Well, as a representative from the mobile community, I'll tell  
>>> you that
>>> there are quite a few browsers out there (on deployed mobile phones)
>>> that still don't support JS in any useful way!
>>>
>>> So with OpenID 2.0, you may now be requiring many users to click  
>>> a form
>>> submit.
>>>
>>> Regards,
>>>
>>> - John
>>>
>>> Johannes Ernst wrote:
>>>> Well, as I've said before, I strongly believe that tying  
>>>> authentication
>>>> to one particular HTTP verb is a bad idea, and unnecessary.
>>>>
>>>> I also believe that involving JavaScript in what is  
>>>> fundamentally an
>>>> HTTP-level kind of protocol is a hack. It very likely is either
>>>> unnecessary or points to a flaw in the conceptual model of the  
>>>> protocol,
>>>> or both.
>>>>
>>>> The same may be true about having different protocols for thin- 
>>>> client
>>>> and rich-client.
>>>>
>>>> Having said that, I am not making this point more strongly than  
>>>> I have
>>>> because I don't think these issues are fatal and I don't want to  
>>>> raise
>>>> more issues that delay OpenID 2.0 auth further. So I will log  
>>>> this as a
>>>> bug against auth 2.0 as soon as it is published (and as soon as  
>>>> there is
>>>> a place where to file bugs against the spec ;-)) but will bite  
>>>> my tongue
>>>> in the meantime.
>>>>
>>>>
>>>> On Nov 12, 2006, at 20:29, Dick Hardt wrote:
>>>>
>>>>>
>>>>> On 12-Nov-06, at 8:19 PM, Adam Nelson wrote:
>>>>>
>>>>>> Hi Dick:
>>>>>>
>>>>>>> I think REST support is a really useful feature, and have  
>>>>>>> described
>>>>>>> how that might happen in the past, but right now we are pretty
>>>>>>> focussed on getting browser based auth finalized, and I think  
>>>>>>> the
>>>>>>> mechanisms for rich clients will be related, but slightly  
>>>>>>> different.
>>>>>>
>>>>>> That all makes sense, thanks.  Is that to say that rich client  
>>>>>> support
>>>>>> isn't a goal of v2.0 of the spec, or just a goal subsequent to  
>>>>>> the
>>>>>> conclusion of browser-based auth?
>>>>>
>>>>> Not a goal of OpenID Authentication 2.0
>>>>>
>>>>> I think it would make sense to make it a separate document, and  
>>>>> would
>>>>> value your involvement!
>>>>>
>>>>> -- Dick
>>>>> _______________________________________________
>>>>> specs mailing list
>>>>> specs at openid.net
>>>>> http://openid.net/mailman/listinfo/specs
>>>>
>>>>
>>>>
>>>> Johannes Ernst
>>>> NetMesh Inc.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------- 
>>>> -----
>>>>
>>>>
>>>> ------------------------------------------------------------------- 
>>>> -----
>>>>
>>>>  http://netmesh.info/jernst
>>>>
>>>>
>>>> ------------------------------------------------------------------- 
>>>> -----
>>>>
>>>> _______________________________________________
>>>> specs mailing list
>>>> specs at openid.net
>>>> http://openid.net/mailman/listinfo/specs
>>>
>>> _______________________________________________
>>> specs mailing list
>>> specs at openid.net
>>> http://openid.net/mailman/listinfo/specs
>>>
>>>
>>
>
>

More information about the specs mailing list