>> Learning just that an OP supports the hybrid protocol >> (without any indication of the associated protected resources) >> seems to be of minimal value.
> Yes. However, when OAuth discovery happens (and the standardization > effort is under way) it will much more than minimal value. > Standardizing OAuth discovery is not in scope for this spec, but > standardizing hybrid support indication is. A future "OAuth discovery" could say: "This SP supports the hybrid protocol with this OP http://..." In this case section "5 Discovery" in the hybrid spec adds no value because the app already knows about the support. Or a future "OAuth discovery" might not mention OpenID. In this case section "5 Discovery" in the hybrid spec barely helps as there are no links between OP and SP. >> James Manger >> [EMAIL PROTECTED] >> Identity and security team — Chief Technology Office — Telstra _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs