Martin Atkins (mart) wrote in apparentlymart,

The Road to 2.0: OpenID Delegation

The final “implementors draft” of OpenID Authentication 2.0 was released today. With 2.0 nearly upon us, it seems like a good time to explore some of the user-visible changes that are coming. I'm intending to write a short series of posts on various aspects of this, the first of which is this post discussing delegation.

Delegation has, if the buzz in blogs, write-ups and presentations is anything to go by, been one of the most popular features of OpenID 1.1 amongst early adopters. This is perhaps unsurprising since it truly puts the control of your identity in your own hands, and yet it's so simple to implement: you just hack a couple of HTML tags into the head of the index page on your site. So what's the delegation story in 2.0?

I'm happy to report that things haven't changed a great deal for delegation in 2.0. It's still just as simple as it always was, though you will need to make some adjustments to your two OpenID link tags to take advantage of any OpenID 2 features offered by your provider. Officially this feature has been renamed to “OP-local identifiers” in the 2.0 specification, but since that's such an awkward name I'm just going to go on calling it delegation for now, and I think you should too!

The adjustments you need to make are simple. You just need to add the new 2.0-specified rel keywords in addition to the 1.0 ones, leaving you with something like this:

     <link rel="openid.server openid2.provider" href="YOUR-PROVIDER-ENDPOINT-URL" />
     <link rel="openid.delegate openid2.local_id" href="YOUR-IDENTIFIER-AT-THE-PROVIDER" />

When an OpenID2-enabled site sees those new rel values it'll know to talk the 2.0 protocol to your provider, thus making the 2.0 features available to you. However, you must not make these changes until your provider has been updated to support the 2.0 protocol, or else you may find yourself unable to log in at 2.0-enabled consumer sites.

There's no rush to do this, as the 2.0 specification mandates that all 2.0 implementations must also support the current 1.1 spec. You won't be able to use the new features, but you will be able to go on logging in as you can today, even on 2.0-enabled sites.
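What a consumer site does with these tags, and the 1.1 fallback described above, sketched as an added example (not code from this post or from any OpenID library). The class and function names are hypothetical and the sample pages and their example.net URLs are constructed; only link elements inside the head are considered, and the 2.0 keywords win when both sets are present.

```python
from html.parser import HTMLParser

class HeadLinks(HTMLParser):
    """Collect rel keyword -> href from <link> elements inside the first <head>."""
    def __init__(self):
        super().__init__()
        self.state = "before"  # before -> in_head -> after
        self.rels = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and self.state == "before":
            self.state = "in_head"
        elif tag == "body":
            self.state = "after"
        elif tag == "link" and self.state == "in_head":
            attr = dict(attrs)
            href = attr.get("href")
            # rel is a space-separated keyword list, so one tag can carry
            # both the 1.1 and the 2.0 keyword, as in the post's markup.
            for keyword in (attr.get("rel") or "").lower().split():
                if href:
                    self.rels.setdefault(keyword, href)

    def handle_endtag(self, tag):
        if tag == "head" and self.state == "in_head":
            self.state = "after"

def discover(html):
    """Return protocol version, provider endpoint and local identifier, or None."""
    parser = HeadLinks()
    parser.feed(html)
    rels = parser.rels
    if "openid2.provider" in rels:  # 2.0 keywords take precedence
        return {"version": "2.0", "endpoint": rels["openid2.provider"],
                "local_id": rels.get("openid2.local_id")}
    if "openid.server" in rels:  # otherwise fall back to 1.1
        return {"version": "1.1", "endpoint": rels["openid.server"],
                "local_id": rels.get("openid.delegate")}
    return None

# Constructed sample pages; the example.net URLs are placeholders.
COMBINED = """<html><head>
<link rel="openid.server openid2.provider" href="https://op.example.net/endpoint" />
<link rel="openid.delegate openid2.local_id" href="https://alice.op.example.net/" />
</head><body></body></html>"""
LEGACY = COMBINED.replace(" openid2.provider", "").replace(" openid2.local_id", "")
BODY_ONLY = """<html><head><title>t</title></head><body>
<link rel="openid2.provider" href="https://other.example.net/endpoint" />
</body></html>"""
```

`discover(COMBINED)` reports version 2.0, `discover(LEGACY)` reports 1.1 with the same endpoint, and `discover(BODY_ONLY)` returns `None`, so markup that ends up in the page body (a comment, for instance) cannot change who vouches for the identity.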

Tags: identity, openid, web
