Hi Adam

Great start on the Wiki. Note that there are some efforts in IETF for  
enhancing what can be done at the TLS layer for authentication which  
would enable the same mechanism to be used not only for HTTP, but for  
SMTP, POP3, IMAP ...

Also, most REST implementations have a process for acquiring a token,  
and then including that token in the XML message. What do you think  
of tweaking the existing OpenID Authentication response so that the  
RP returns a token for use in later calls?

-- Dick

On 19-Nov-06, at 8:08 AM, Adam Nelson wrote:

> Wow, I certainly didn't expect this thread to turn into a
> referendum on the GET/POST schemes.
>
> I spent some time gathering possible approaches, and put the initial
> version up on the wiki at
> http://openid.net/wiki/index.php/REST/SOAP/HTTP_Bindings .  Imho,
> extending HTTP authentication is worth investigating, and that's where
> I'll focus some prototyping efforts, however I'm sure other opinions
> will vary.
>
> Also note that my OP was regarding the use of OpenID with REST/SOAP
> APIs, not whether the POST approach is the right one going forward for
> use within browsers.  I very much doubt that extending HTTP
> authentication is viable for use within browsers, since without an
> extension of some kind no browser will know how to authenticate
> OpenID.
>
> As to POST or GET, I share the same aesthetic objections to the
> POST-only approach, but my focus is on using OpenID with REST.
>
> Adam
> _______________________________________________
> specs mailing list
> specs@openid.net
> http://openid.net/mailman/listinfo/specs
>
>
