I really don't think we're disagreeing here. There should and will be more
places to discover OAuth endpoints, etc. But that's outside the scope of
this spec. All we're saying in this spec is that if discovery starts from a
user-supplied OpenID (not from a OAuth-protected resource, btw, which is
Section 5 Discovery of the OpenID/OAuth hybrid draft spec says
xrd:Typehttp://specs.openid.net/extensions/oauth/1.0/xrd:Type
should appear in the XRDS discovery document to indicate support for the
protocol.
This doesn't seem to be the right way around.
Discovery is performed on a user's
On Mon, Nov 24, 2008 at 5:34 PM, Manger, James H
[EMAIL PROTECTED] wrote:
Section 5 Discovery of the OpenID/OAuth hybrid draft spec says
xrd:Typehttp://specs.openid.net/extensions/oauth/1.0/xrd:Type
should appear in the XRDS discovery document to indicate support for the
protocol.
This
Breno,
The fact that the OP indicates support for hybrid has nothing to do
with directed identity, of whether or not they use the same XRDS file.
What is section 5 Discovery for?
Is it supposed to allow an app (after finding a user's OP) to make additional
requests to get the OP's metadata to
Dirk Balfanz wrote:
I'm not sure I understand what the commotion is about :-)
OAuth discovery (when it is done), will answer the question: given the
URL of a resource, where do I go to get access tokens for that resource.
The question answered by the XRD element described in Section 5 is
On Mon, Nov 24, 2008 at 10:06 PM, Martin Atkins [EMAIL PROTECTED]wrote:
Dirk Balfanz wrote:
I'm not sure I understand what the commotion is about :-)
OAuth discovery (when it is done), will answer the question: given the
URL of a resource, where do I go to get access tokens for that
Dirk Balfanz wrote:
We're defining an OpenID extension. Consumer will want to know whether
or not a given endpoint speaks that extension. That's all it's doing -
just like AX or PAPE have a section on discoverability. It also gives
consumers a way to look for the combined OpenID/OAuth
