RFC: Final outstanding issues with the OpenID 2.0 Authentication specification
Dmitry Shechtman
damnian at gmail.com
Fri May 18 07:47:16 UTC 2007
> As of today browsers are forced to make untenable assumptions to
> detect OPs or RPs. Read
> http://openid.net/specs/openid-authentication-2_0-11.html#initiation:
> "The form field's "name" attribute SHOULD have the value
> "openid_identifier" is the only point for a browser to grip the
> protocol. (And the field name is different from OpenID1.x)
Indeed. Here's a suggestion that floated during that talk.
The form field:
a. SHOULD have "openid_identifier" as its "name" attribute's value,
b. MUST have "openid" as a substring its "name" attribute's value and
c. SHOULD be the only field in the entire document to satisfy (b).
Regards,
Dmitry
=damnian
More information about the specs
mailing list