OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)

Adam Nelson anelson at apocryph.org
Sun Nov 19 16:08:30 UTC 2006


Wow, I certainly didn't expect this thread to turn into a
referendum on the GET/POST schemes.

I spent some time gathering possible approaches, and put the initial
version up on the wiki at
http://openid.net/wiki/index.php/REST/SOAP/HTTP_Bindings .  IMHO,
extending HTTP authentication is worth investigating, and that's where
I'll focus some prototyping efforts; however, I'm sure other opinions
will vary.

Also note that my OP was regarding the use of OpenID with REST/SOAP
APIs, not whether the POST approach is the right one going forward for
use within browsers.  I very much doubt that extending HTTP
authentication is viable for use within browsers, since without an
extension of some kind no browser will know how to authenticate
OpenID.

As to POST or GET, I share the same aesthetic objections to the
POST-only approach, but my focus is on using OpenID with REST.

Adam



More information about the specs mailing list