Hi Dick, My point is that I don't think requiring JS for a reasonable user experience is a good idea when considering the variety of browsers that are deployed today, and I don't understand why it's necessary.
I am interested to know why one would decide to restrict the protocol this way. Can you perhaps illuminate the reasoning? Cheers, - John Dick Hardt wrote: > Hi John > > Would you provide examples of those browsers? Testing we did 2 years > again indicated the JS redirect worked on all the platforms we tested on. > > -- Dick > > On 16-Nov-06, at 11:35 AM, John Kemp wrote: > >> Hi, >> >> Sorry I'm just reading this, but I just wanted to put in a point very >> much in favour of NOT deprecating support for HTTP redirects in OpenID >> 2.0. >> >> I'll note that requiring the user to press a 'submit' button to "push" >> seems like a dodgy UI strategy. So then you require JavaScript to >> produce a reasonable user experience. >> >> Well, as a representative from the mobile community, I'll tell you that >> there are quite a few browsers out there (on deployed mobile phones) >> that still don't support JS in any useful way! >> >> So with OpenID 2.0, you may now be requiring many users to click a form >> submit. >> >> Regards, >> >> - John >> >> Johannes Ernst wrote: >>> Well, as I've said before, I strongly believe that tying authentication >>> to one particular HTTP verb is a bad idea, and unnecessary. >>> >>> I also believe that involving JavaScript in what is fundamentally an >>> HTTP-level kind of protocol is a hack. It very likely is either >>> unnecessary or points to a flaw in the conceptual model of the protocol, >>> or both. >>> >>> The same may be true about having different protocols for thin-client >>> and rich-client. >>> >>> Having said that, I am not making this point more strongly than I have >>> because I don't think these issues are fatal and I don't want to raise >>> more issues that delay OpenID 2.0 auth further. So I will log this as a >>> bug against auth 2.0 as soon as it is published (and as soon as there is >>> a place where to file bugs against the spec ;-)) but will bite my tongue >>> in the meantime. >>> >>> >>> On Nov 12, 2006, at 20:29, Dick Hardt wrote: >>> >>>> >>>> On 12-Nov-06, at 8:19 PM, Adam Nelson wrote: >>>> >>>>> Hi Dick: >>>>> >>>>>> I think REST support is a really useful feature, and have described >>>>>> how that might happen in the past, but right now we are pretty >>>>>> focussed on getting browser based auth finalized, and I think the >>>>>> mechanisms for rich clients will be related, but slightly different. >>>>> >>>>> That all makes sense, thanks. Is that to say that rich client support >>>>> isn't a goal of v2.0 of the spec, or just a goal subsequent to the >>>>> conclusion of browser-based auth? >>>> >>>> Not a goal of OpenID Authentication 2.0 >>>> >>>> I think it would make sense to make it a separate document, and would >>>> value your involvement! >>>> >>>> -- Dick >>>> _______________________________________________ >>>> specs mailing list >>>> [email protected] >>>> http://openid.net/mailman/listinfo/specs >>> >>> >>> >>> Johannes Ernst >>> NetMesh Inc. >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> ------------------------------------------------------------------------ >>> >>> http://netmesh.info/jernst >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> specs mailing list >>> [email protected] >>> http://openid.net/mailman/listinfo/specs >> >> _______________________________________________ >> specs mailing list >> [email protected] >> http://openid.net/mailman/listinfo/specs >> >> > _______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
