Hi Adam The switch from GET to POST was made so that we were not constrained by the URL parameter payload limit.
As you point out, HTTP headers can be used for moving messages as well, but there was no clear mechanism to do that without modifying all the widely available browsers. I think REST support is a really useful feature, and have described how that might happen in the past, but right now we are pretty focussed on getting browser based auth finalized, and I think the mechanisms for rich clients will be related, but slightly different. -- Dick On 12-Nov-06, at 5:24 PM, Adam Nelson wrote: > I've been tracking OpenID auth from 1.0 with great interest. Last > summer Johannes Ernst explained to me how it was that one might use > openid to authenticate a non-interactive user agent such as a REST API > consumer by intercepting the RP's redirect and providing the info from > the IdP itself. Given OpenID's design goals (decentralized, > lightweight, flexible identity management), and its seemingly > inevitable adoption into the mashup-minded web 2.0 ecosystem (God help > me I'm buzzwording!), it seems to me that OpenID's value is > significantly enhanced if the identities it enables can be used to > authenticate to SOAP and REST APIs as well as interactive web sites. > > Having said that, I was surprised to note in draft 10 of OpenID Auth > 2.0 that the HTTP redirect method of communication between the RP and > the IdP is deprecated in favor of an HTML forms-based approach. This > suggests to me that OpenID Auth 2.0 is not compatible with REST or > SOAP or any other binding that doesn't involve the exchange, parsing, > and submission of HTML forms. > > I'm curious why this decision was made, and if its implications have > been fully considered. Has there been any thought given to an > alternative means of authentication, perhaps via custom HTTP headers > or some other non-HTML means? If not, does this mean OpenID is not > intended to support authentication to programmatic APIs? > > Thanks, > Adam > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs