OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)
John Kemp
frumioj at mac.com
Sat Nov 18 23:34:54 UTC 2006
Dick Hardt wrote:
>>
>> But why deprecate support for redirects? I'd (still) like to see OpenID
>> implementations that do support browsers without JS turned on .
>
>
> As stated a number of times, because the payload is not big enough with
> GET redirects. It is with JS POST redirects.
>
> OpenID 1.1 did not have a large payload. We expect the payloads to be
> much larger with OpenID 2.0.
I guess the payload size will vary according to the RP and IdP
implementations, no?
>
> We will see if the JS requirement is an issue. I do not think it is
> given what I know now.
Well, admittedly, if no-one except me thinks that redirects should be
supported in OpenID 2.0, then I certainly expect to lose that argument ;)
Cheers,
- John
More information about the specs
mailing list