Final outstanding issues with the OpenID 2.0Authenticationspecification
Johnny Bufu
johnny at sxip.com
Fri May 18 19:07:30 UTC 2007
David,
On 18-May-07, at 11:09 AM, Recordon, David wrote:
> Hey Marius,
> Good point, committed a patch so please review! :)
On 18-May-07, at 11:08 AM, drecordon at openid.net wrote:
> + <t>
> + As discussed in the <xref
> + target="compat_mode">OpenID Authentication 1.1
> + Compatibility mode</xref> section, these discovery tags
> + are not the same as in previous versions of the protocol.
> + While the same data is conveyed, the names have
> changed which
> + allows a Relying Party to determine the protocol version
> + being used. A Relying Party MAY encounter a Claimed
> Identifier
> + which uses HTML-Based Discovery to advertise both
> version 1.1
> + and 2.0 Providers.
> + </t>
I believe we should make the above a bit more 'normative' for what
the discovery elements should contain, rather than just warning RPs
about what they MAY encounter. The qualifier for backwards
compatibility is SHOULD / RECOMMENDED through the rest of the spec,
so I propose we replace your text with:
> For backwards compatibility, if supported by the OP, the HEAD
> section of the document SHOULD also include OpenID 1.x discovery
> elements:
>
> A <LINK> tag with attributes "rel" set to "openid.server" and
> "href" set to an OP Endpoint URL
> A <LINK> tag with attributes "rel" set to "openid.delegate" and
> "href" set to the end user's OP-Local Identifier
>
> The protocol version when HTML discovery [...] an OpenID 1.x
> endpoint is "http://openid.net/signon/1.1".
Johnny
More information about the specs
mailing list