[PROPOSAL] bare response / bare request
Dick Hardt
dick at sxip.com
Sun Oct 22 00:58:02 UTC 2006
On 19-Oct-06, at 11:24 AM, Martin Atkins wrote:
> Dick Hardt wrote:
>> Motivating Use Case
>> ----------------------------
>> The IdP would like to allow the user to click a link on the IdP to
>> login to an RP. This requires a bare response to be able to be sent.
>> A Trusted Party, acting as an RP would like to store a value at the
>> IdP, but does not need the IdP to send the user back, a bare request
>> is needed.
>>
>>
>> Proposed Implementation
>> -----------------------------------
>> bare request: if the openid.return_to parameter is missing or blank,
>> then the IdP will not send the user back to the RP
>>
>> bare response: sending a bare response is valid (not sure we need to
>> do anything more then say it is OK to do)
>
> It sounds to me that this "bare response" thing is just a special case
> of the "rich clients" we're discussing right now in a separate thread.
> The IdP is just using redirects to make a dumb browser act like a rich
> client.
Yes, they are similar. Note that this particular proposal was
depreciated
Bare Response is:
http://openid.net/pipermail/specs/2006-October/000430.html
And I did see the Rich Client mechanism description using the same
mechanism.
>
> If rich clients were implemented in the way I've been promoting [1],
> IdPs would then be able to make use of the same mechanism.
>
>
> [1] http://openid.net/pipermail/specs/2006-October/000596.html
More information about the specs
mailing list