Hi John So that a message can be more then 2K of data.
-- Dick On 16-Nov-06, at 10:17 PM, John Kemp wrote: > Hi Dick, > > My point is that I don't think requiring JS for a reasonable user > experience is a good idea when considering the variety of browsers > that > are deployed today, and I don't understand why it's necessary. > > I am interested to know why one would decide to restrict the protocol > this way. Can you perhaps illuminate the reasoning? > > Cheers, > > - John > > Dick Hardt wrote: >> Hi John >> >> Would you provide examples of those browsers? Testing we did 2 years >> again indicated the JS redirect worked on all the platforms we >> tested on. >> >> -- Dick >> >> On 16-Nov-06, at 11:35 AM, John Kemp wrote: >> >>> Hi, >>> >>> Sorry I'm just reading this, but I just wanted to put in a point >>> very >>> much in favour of NOT deprecating support for HTTP redirects in >>> OpenID >>> 2.0. >>> >>> I'll note that requiring the user to press a 'submit' button to >>> "push" >>> seems like a dodgy UI strategy. So then you require JavaScript to >>> produce a reasonable user experience. >>> >>> Well, as a representative from the mobile community, I'll tell >>> you that >>> there are quite a few browsers out there (on deployed mobile phones) >>> that still don't support JS in any useful way! >>> >>> So with OpenID 2.0, you may now be requiring many users to click >>> a form >>> submit. >>> >>> Regards, >>> >>> - John >>> >>> Johannes Ernst wrote: >>>> Well, as I've said before, I strongly believe that tying >>>> authentication >>>> to one particular HTTP verb is a bad idea, and unnecessary. >>>> >>>> I also believe that involving JavaScript in what is >>>> fundamentally an >>>> HTTP-level kind of protocol is a hack. It very likely is either >>>> unnecessary or points to a flaw in the conceptual model of the >>>> protocol, >>>> or both. >>>> >>>> The same may be true about having different protocols for thin- >>>> client >>>> and rich-client. >>>> >>>> Having said that, I am not making this point more strongly than >>>> I have >>>> because I don't think these issues are fatal and I don't want to >>>> raise >>>> more issues that delay OpenID 2.0 auth further. So I will log >>>> this as a >>>> bug against auth 2.0 as soon as it is published (and as soon as >>>> there is >>>> a place where to file bugs against the spec ;-)) but will bite >>>> my tongue >>>> in the meantime. >>>> >>>> >>>> On Nov 12, 2006, at 20:29, Dick Hardt wrote: >>>> >>>>> >>>>> On 12-Nov-06, at 8:19 PM, Adam Nelson wrote: >>>>> >>>>>> Hi Dick: >>>>>> >>>>>>> I think REST support is a really useful feature, and have >>>>>>> described >>>>>>> how that might happen in the past, but right now we are pretty >>>>>>> focussed on getting browser based auth finalized, and I think >>>>>>> the >>>>>>> mechanisms for rich clients will be related, but slightly >>>>>>> different. >>>>>> >>>>>> That all makes sense, thanks. Is that to say that rich client >>>>>> support >>>>>> isn't a goal of v2.0 of the spec, or just a goal subsequent to >>>>>> the >>>>>> conclusion of browser-based auth? >>>>> >>>>> Not a goal of OpenID Authentication 2.0 >>>>> >>>>> I think it would make sense to make it a separate document, and >>>>> would >>>>> value your involvement! >>>>> >>>>> -- Dick >>>>> _______________________________________________ >>>>> specs mailing list >>>>> specs@openid.net >>>>> http://openid.net/mailman/listinfo/specs >>>> >>>> >>>> >>>> Johannes Ernst >>>> NetMesh Inc. >>>> >>>> >>>> >>>> ------------------------------------------------------------------- >>>> ----- >>>> >>>> >>>> ------------------------------------------------------------------- >>>> ----- >>>> >>>> http://netmesh.info/jernst >>>> >>>> >>>> ------------------------------------------------------------------- >>>> ----- >>>> >>>> _______________________________________________ >>>> specs mailing list >>>> specs@openid.net >>>> http://openid.net/mailman/listinfo/specs >>> >>> _______________________________________________ >>> specs mailing list >>> specs@openid.net >>> http://openid.net/mailman/listinfo/specs >>> >>> >> > > _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
