On 18-Nov-06, at 2:25 PM, John Kemp wrote: > Dick Hardt wrote: >> >> On 18-Nov-06, at 1:56 PM, John Kemp wrote: >> >>>> It is mentioned that the two methods may be composed, but I >>>> still don't >>>> see how the POST form submission can be automated (without >>>> JavaScript). >>>> Have I missed that part? >>> >>> My point is that an implementation can offer BOTH profiles, and >>> in cases >>> where it's likely that the browser cannot do JS, it's possible >>> for the >>> RP to attempt one instead of another. Again, this is about being >>> tolerant of different browsers. >> >> The POST methods meets all the requirements with a degradation in >> user >> experience for browsers without JS. >> If the user is running a browser without JS, then lots of other sites >> will not work well given the proliferation of JS in sites. >> This also keeps it simple for the RP since it is not having to guess >> what the user agent can do. >> >> We weighed all the options and moving to POST was the decision. I >> have >> not seen any new data that would lead me to change my position. > > But why deprecate support for redirects? I'd (still) like to see > OpenID > implementations that do support browsers without JS turned on .
As stated a number of times, because the payload is not big enough with GET redirects. It is with JS POST redirects. OpenID 1.1 did not have a large payload. We expect the payloads to be much larger with OpenID 2.0. We will see if the JS requirement is an issue. I do not think it is given what I know now. -- Dick _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs