Hi, Sorry I'm just reading this, but I just wanted to put in a point very much in favour of NOT deprecating support for HTTP redirects in OpenID 2.0.
I'll note that requiring the user to press a 'submit' button to "push" seems like a dodgy UI strategy. So then you require JavaScript to produce a reasonable user experience. Well, as a representative from the mobile community, I'll tell you that there are quite a few browsers out there (on deployed mobile phones) that still don't support JS in any useful way! So with OpenID 2.0, you may now be requiring many users to click a form submit. Regards, - John Johannes Ernst wrote: > Well, as I've said before, I strongly believe that tying authentication > to one particular HTTP verb is a bad idea, and unnecessary. > > I also believe that involving JavaScript in what is fundamentally an > HTTP-level kind of protocol is a hack. It very likely is either > unnecessary or points to a flaw in the conceptual model of the protocol, > or both. > > The same may be true about having different protocols for thin-client > and rich-client. > > Having said that, I am not making this point more strongly than I have > because I don't think these issues are fatal and I don't want to raise > more issues that delay OpenID 2.0 auth further. So I will log this as a > bug against auth 2.0 as soon as it is published (and as soon as there is > a place where to file bugs against the spec ;-)) but will bite my tongue > in the meantime. > > > On Nov 12, 2006, at 20:29, Dick Hardt wrote: > >> >> On 12-Nov-06, at 8:19 PM, Adam Nelson wrote: >> >>> Hi Dick: >>> >>>> I think REST support is a really useful feature, and have described >>>> how that might happen in the past, but right now we are pretty >>>> focussed on getting browser based auth finalized, and I think the >>>> mechanisms for rich clients will be related, but slightly different. >>> >>> That all makes sense, thanks. Is that to say that rich client support >>> isn't a goal of v2.0 of the spec, or just a goal subsequent to the >>> conclusion of browser-based auth? >> >> Not a goal of OpenID Authentication 2.0 >> >> I think it would make sense to make it a separate document, and would >> value your involvement! >> >> -- Dick >> _______________________________________________ >> specs mailing list >> specs@openid.net >> http://openid.net/mailman/listinfo/specs > > > > Johannes Ernst > NetMesh Inc. > > > > ------------------------------------------------------------------------ > > > ------------------------------------------------------------------------ > > http://netmesh.info/jernst > > > ------------------------------------------------------------------------ > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs