DRAFT 11 -> FINAL?
Recordon, David
drecordon at verisign.com
Wed Jan 31 21:14:25 UTC 2007
I'm happy changing it from "AJAX". I think it was originally used since
AJAX is a bit overloaded already and people normally understand the
"flashy non-reloading" sort of thing when saying it.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Rowan Kerr
Sent: Wednesday, January 31, 2007 12:50 PM
To: specs at openid.net
Subject: Re: DRAFT 11 -> FINAL?
On 1/31/07, Martin Atkins <mart at degeneration.co.uk> wrote:
> I think the spec is misusing the AJAX abbreviation a bit here, since
> the usual approach to doing this doesn't involve XMLHttpRequest at
> all, but instead works something like this:
*snip*
Yeah I've implemented a pure javascript demo this way (which works if
the OP does a http redirect back to the RP instead of submitting a
form).
> So no, this isn't really AJAX in the usual sense. As you noted, you
> can't do OpenID Auth client-side with XMLHttpRequest because of the
> same-origin restriction. You also can't do OpenID on the server
> because then the user's session cookie won't end up at the OP during
> the request. It still achieves the desired effect of doing an OpenID
> auth request without disturbing the current page, though.
So should wording other than AJAX be used in the spec?
Or do we just point to an explanation on the wiki.
-Rowan
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list