OpenID Auth 2.0 and user-agent neutrality (or, OpenID with REST/SOAP)
Dick Hardt
dick at sxip.com
Sun Nov 19 22:08:26 UTC 2006
Hi Adam
Great start on the Wiki. Note that there are some efforts in IETF for
enhancing what can be done at the TLS layer for authentication which
would enable the same mechanism to be used not only for HTTP, but for
SMTP, POP3, IMAP ...
Also, most REST implementations have a process for acquiring a token,
and then including that token in the XML message. What do you think
of tweaking the existing OpenID Authentication response so that the
RP returns a token for use in later calls?
-- Dick
On 19-Nov-06, at 8:08 AM, Adam Nelson wrote:
> Wow, I certainly didn't expect this thread to turn into the a
> referendum on the GET/POST schemes.
>
> I spent some time gathering possible approaches, and put the initial
> version up on the wiki at
> http://openid.net/wiki/index.php/REST/SOAP/HTTP_Bindings . Imho,
> extending HTTP authentication is worth investigating, and that's where
> I'll focus some prototyping efforts, however I'm sure other opinions
> will vary.
>
> Also note that my OP was regarding the use of OpenID with REST/SOAP
> APIs, not whether the POST approach is the right one going forward for
> use within browsers. I very much doubt that extending HTTP
> authentication is viable for use within browsers, since without an
> extension of some kind no browser will know how to authenticate
> OpenID.
>
> As to POST or GET, I share the same aesthetic objections to the
> POST-only approach, but my focus is on using OpenID with REST.
>
> Adam
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
More information about the specs
mailing list