Hi Emmanuel, Have you looked at "stateless mode" as defined in the OpenID 2.0 spec? OpenID Relying Parties that use stateless mode don't need to know anything about signatures or negotiating the shared secret.
More info about stateless mode is here: http://openid.net/specs/openid-authentication-2_0.html#check_auth Regarding the XML response - Section 4 of the OpenID 2.0 spec already defines the message format, which should be fairly easy for machines to parse. Would XML (or JSON) make things significantly easier? At the very least, specifying alternative message formats would make implementations more complicated and also harder to debug. Interop would probably be more complex as well. Thanks, Allen On 11/23/09 7:46 AM, "Emmanuel MEIER" <[email protected]> wrote: >> >> As a result, I submit the following request for features: >> - standardisation of the version of the encryption algorythm for the >> negotiated secret; >> - the possibility to have a normalized XML response for unauthenticated >> users. _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
