On Mar 24, 2006, at 12:57 PM, RL 'Bob' Morgan wrote:
FYI: Yadis and LID were explicitly designed to be usable by
software that doesn't have a GUI, and OpenID can be used that way
as well.
Another thing that might be said here is that there's nothing in
the SAML web browser profiles that requires a UI either. Though
the fact that identity-provider discovery is not covered in those
profiles (except for the Common Domain Cookie approach which is not
broadly applicable) does mean that in some deployments (not all by
any means) a UI is used to do discovery. The YADIS discovery
method could well be used to initiate a SAML web browser profile
flow too (and I think some people might even be working on how to
do this).
But the SAML browser profiles do require browser features that tend
not to be found in other HTTP user agents, or to put it in more of
standards way, are not required to be in them for compliance with
the HTTP-based spec they are implementing. It is my impression
that these specs (eg WebDAV) aren't actually very specific about
which HTTP user agent features are mandatory (though I could be
wrong about that), which if true may need fixing.
In the next version of WebDAV (just went through WG last call
recently so maybe it's almost done), we attempt to be more specific
about which HTTP features are mandatory, though some of our
discussions were inconclusive so we didn't add more restrictions in
every case.
Related to authentication, we required Digest support even in
RFC2518, so that didn't change.
There wouldn't be much of a chance at all to require HTML or forms
support -- which isn't even required of browsers. Heh.
Lisa
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
