Re: Final outstanding issues with the OpenID 2.0Authenticationspecification
David, On 18-May-07, at 11:09 AM, Recordon, David wrote: > Hey Marius, > Good point, committed a patch so please review! :) On 18-May-07, at 11:08 AM, [EMAIL PROTECTED] wrote: > + > + As discussed in the +target="compat_mode">OpenID Authentication 1.1 > +Compatibility mode section, these discovery tags > +are not the same as in previous versions of the protocol. > +While the same data is conveyed, the names have > changed which > +allows a Relying Party to determine the protocol version > +being used. A Relying Party MAY encounter a Claimed > Identifier > +which uses HTML-Based Discovery to advertise both > version 1.1 > +and 2.0 Providers. > + I believe we should make the above a bit more 'normative' for what the discovery elements should contain, rather than just warning RPs about what they MAY encounter. The qualifier for backwards compatibility is SHOULD / RECOMMENDED through the rest of the spec, so I propose we replace your text with: > For backwards compatibility, if supported by the OP, the HEAD > section of the document SHOULD also include OpenID 1.x discovery > elements: > > A tag with attributes "rel" set to "openid.server" and > "href" set to an OP Endpoint URL > A tag with attributes "rel" set to "openid.delegate" and > "href" set to the end user's OP-Local Identifier > > The protocol version when HTML discovery [...] an OpenID 1.x > endpoint is "http://openid.net/signon/1.1";. Johnny ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Final outstanding issues with the OpenID 2.0Authenticationspecification
On 18-May-07, at 11:09 AM, Recordon, David wrote: > Hey Marius, > Good point, committed a patch so please review! :) > http://openid.net/svn/diff.php?repname=specifications&path=% > 2Fauthentica > tion%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=325&sc=1 That was fast :-) Looks good, but I would add to that a sentence stating that you SHOULD put both sets of tags when editing HTML pages in order to be backwards compatible. Thanks, Marius > > Thanks, > --David > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Marius Scurtescu > Sent: Friday, May 18, 2007 10:48 AM > To: Dmitry Shechtman > Cc: 'OpenID specs list' > Subject: Re: Final outstanding issues with the OpenID > 2.0Authenticationspecification > > On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote: > >> 7.3.3. HTML-Based Discovery >> >> A tag MUST be included with attributes "rel" set to >> openid2.provider" >> and "href" set to an OP Endpoint URL >> >> A tag MAY be included with attributes "rel" set to >> "openid2.local_id" >> and "href" set to the end user's OP-Local Identifier >> >> >> Could somebody please enlighten me as to what's wrong with leaving >> those as "openid.server" and "openid.delegate" respectfully (i.e. >> backward-compatible)? > > The new attribute values are needed in order to signal an OpenID 2 > provider. > > But you bring up a good point, backwards compatibility can be easily > broken here. > > In order to be backwards compatible the HTML page should have two sets > of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing to > the > same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be able > to use > the HTML page. > > Probably the spec should say this in section 7.3.3 and give clear > instructions regarding OpenID 1.1 tags. > > Marius > > ___ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Hey Marius, Good point, committed a patch so please review! :) http://openid.net/svn/diff.php?repname=specifications&path=%2Fauthentica tion%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=325&sc=1 Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marius Scurtescu Sent: Friday, May 18, 2007 10:48 AM To: Dmitry Shechtman Cc: 'OpenID specs list' Subject: Re: Final outstanding issues with the OpenID 2.0Authenticationspecification On 18-May-07, at 1:00 AM, Dmitry Shechtman wrote: > 7.3.3. HTML-Based Discovery > > A tag MUST be included with attributes "rel" set to > openid2.provider" > and "href" set to an OP Endpoint URL > > A tag MAY be included with attributes "rel" set to > "openid2.local_id" > and "href" set to the end user's OP-Local Identifier > > > Could somebody please enlighten me as to what's wrong with leaving > those as "openid.server" and "openid.delegate" respectfully (i.e. > backward-compatible)? The new attribute values are needed in order to signal an OpenID 2 provider. But you bring up a good point, backwards compatibility can be easily broken here. In order to be backwards compatible the HTML page should have two sets of tags one for OpenID 1.1 and one for OpenID 2.0, both pointing to the same OP endpoint URL. Otherwise an OpenID 1.1 RP will not be able to use the HTML page. Probably the spec should say this in section 7.3.3 and give clear instructions regarding OpenID 1.1 tags. Marius ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Hey Dmitry, When using Yadis you're able to advertise if you're speaking OpenID 1.1 or 2.0 and thus the RP know which version of the protocol the request should be made in. When using HTML-Based Discovery this is not possible unless the attributes are renamed or a third "version" tag is added which was not the preferred option. --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitry Shechtman Sent: Friday, May 18, 2007 1:00 AM To: 'Josh Hoyt'; 'OpenID specs list' Subject: RE: Final outstanding issues with the OpenID 2.0Authenticationspecification 7.3.3. HTML-Based Discovery A tag MUST be included with attributes "rel" set to openid2.provider" and "href" set to an OP Endpoint URL A tag MAY be included with attributes "rel" set to "openid2.local_id" and "href" set to the end user's OP-Local Identifier Could somebody please enlighten me as to what's wrong with leaving those as "openid.server" and "openid.delegate" respectfully (i.e. backward-compatible)? Regards, Dmitry =damnian ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: Final outstanding issues with the OpenID 2.0Authenticationspecification
Please no talk of OpenID 3! If anything, 2.1 or the "next version". :) Thanks, --David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Hoyt Sent: Thursday, May 17, 2007 2:05 PM To: Alaric Dailey Cc: OpenID specs list Subject: Re: Final outstanding issues with the OpenID 2.0Authenticationspecification On 5/17/07, Alaric Dailey <[EMAIL PROTECTED]> wrote: > I hate to be a PITA but these issues were brought up a while ago by > Eddy Nigg and Myself. I understand, but at that time, as now, I was trying to get the spec to be finished. We've been in something of an informal feature-freeze for a while. Perhaps we should have explicit feature-freezes. I'd suggest starting an OpenID 3 thread to talk about the features that you want to add. That way, you can start trying to convince people that your features should go in without having to battle with people like me who just want to have a stable spec release with the improvements that we already have. Josh ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs