Yes, I understand that a GSS-API implementation isn't required, but the GS2 header usage in the non-GSS case starts introducing it a bit early, although I understand there is some genericity to the information included in this header…
My only concern with the draft (albeit a quick read) is that I saw a sentence that says: "The client now sends the URL it received to a browser for processing. " I would rather not have to rely on a browser, if possible. I think OpenID Connect supports a pure REST API model. Randy On Sep 3, 2012, at 10:06 AM, Alexey Melnikov <[email protected]> wrote: > > On 03/09/2012 17:58, Randy Turner wrote: >> Looked at this draft, and it is based on traditional OpenID and GSS-API (an >> API I've never been a fan of :) > > You don't need to implement or use GSS-API in order to implement the RFC. > >> I'm wondering is something more API/REST-friendly like a solution based on >> OpenID Connect might be more attractive… >> >> http://openid.net/connect >> >> Randy >> >> >> On Sep 3, 2012, at 3:24 AM, Peter Saint-Andre wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On 9/2/12 12:35 PM, Ivan Martinez wrote: >>>> Hello all, I'm thiking of making it possible to log into my XMPP >>>> server with OpenID accounts. Is there any existing standard about >>>> this?. I have seen the discussion from June 2009: >>>> >>>> http://mail.jabber.org/pipermail/jdev/2009-June/thread.html#87693 >>>> >>>> Peter talked about working in a new draft, how did it turn out?. >>> Some other folks worked on that, and it turned into RFC 6616: >>> >>> https://datatracker.ietf.org/doc/rfc6616/ >>> >>> It was published only a few months ago, so probably it is not yet >>> widely implemented in SASL libraries or in XMPP servers and clients. >>> >>> Peter >>> >>> - -- Peter Saint-Andre >>> https://stpeter.im/ >>> > >
