DRAFT 11 -> FINAL?
Rowan Kerr
rowan at standardinteractive.com
Wed Jan 31 20:50:02 UTC 2007
On 1/31/07, Martin Atkins <mart at degeneration.co.uk> wrote:
> I think the spec is misusing the AJAX abbreviation a bit here, since the
> usual approach to doing this doesn't involve XMLHttpRequest at all, but
> instead works something like this:
*snip*
Yeah, I've implemented a pure JavaScript demo this way (which works if
the OP does an HTTP redirect back to the RP instead of submitting a
form).
> So no, this isn't really AJAX in the usual sense. As you noted, you
> can't do OpenID Auth client-side with XMLHttpRequest because of the
> same-origin restriction. You also can't do OpenID on the server because
> then the user's session cookie won't end up at the OP during the
> request. It still achieves the desired effect of doing an OpenID auth
> request without disturbing the current page, though.
So should wording other than AJAX be used in the spec?
Or do we just point to an explanation on the wiki?
-Rowan