Backwards compatibility

Johannes Ernst at
Mon Sep 25 17:59:57 UTC 2006

>>  I don't understand why we should make it hard (impossible?) to  
>> use OpenID authentication with verbs other than POST.
> How would you propose OpenID use the other verbs?

If there a mechanism to authenticate an HTTP GET request (as OpenID  
1.1 provides, of course), use the exact same mechanism to  
authenticate any other verb. The authentication mechanism does not  
depend on which verb it is at all, and in my view, we should not  
introduce a dependency (auth on GET, or POST, or any other verb)  
where none is needed.

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <>
-------------- next part --------------

More information about the specs mailing list