openid feature bugs
Allen Tom
atom at yahoo-inc.com
Tue Nov 24 18:31:35 UTC 2009
Hi Emmanuel,
Have you looked at "stateless mode" as defined in the OpenID 2.0 spec?
OpenID Relying Parties that use stateless mode don't need to know anything
about signatures or negotiating the shared secret.
More info about stateless mode is here:
http://openid.net/specs/openid-authentication-2_0.html#check_auth
Regarding the XML response - Section 4 of the OpenID 2.0 spec already
defines the message format, which should be fairly easy for machines to
parse. Would XML (or JSON) make things significantly easier? At the very
least, specifying alternative message formats would make implementations
more complicated and also harder to debug. Interop would probably be more
complex as well.
Thanks,
Allen
On 11/23/09 7:46 AM, "Emmanuel MEIER" <emmanuel.meier at thalesgroup.com>
wrote:
>>
>> As a result, I submit the following request for features:
>> - standardisation of the version of the encryption algorythm for the
>> negotiated secret;
>> - the possibility to have a normalized XML response for unauthenticated
>> users.
More information about the specs
mailing list