RFC: Final outstanding issues with the OpenID 2.0 Authenticationspecification
Recordon, David
drecordon at verisign.com
Fri May 18 17:52:02 UTC 2007
I think in the past the idea was giving the HTML "form" element a
specific name in addition to the text field. This thus makes it much
easier to detect.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Dmitry Shechtman
Sent: Friday, May 18, 2007 12:47 AM
To: 'Boris Erdmann'; 'Josh Hoyt'
Cc: 'OpenID specs list'
Subject: RE: RFC: Final outstanding issues with the OpenID 2.0
Authenticationspecification
> As of today browsers are forced to make untenable assumptions to
> detect OPs or RPs. Read
> http://openid.net/specs/openid-authentication-2_0-11.html#initiation:
> "The form field's "name" attribute SHOULD have the value
> "openid_identifier" is the only point for a browser to grip the
> protocol. (And the field name is different from OpenID1.x)
Indeed. Here's a suggestion that floated during that talk.
The form field:
a. SHOULD have "openid_identifier" as its "name" attribute's value, b.
MUST have "openid" as a substring its "name" attribute's value and c.
SHOULD be the only field in the entire document to satisfy (b).
Regards,
Dmitry
=damnian
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list