This table shows the varying degrees of support by a few OpenID providers, both in terms of OpenID discovery and the OpenID protocols themselves. A detailed explanation of each is available below the table. The small “x” link next to each provider is the OpenID URL I used for testing.
Table Last Updated: Fri, 18 May 2012 05:24:41 +0000
Protocol Tests
Discovery Support
Discovery is the process by which a website advertises that it can be used as an OpenID Identifier, and in turn how OpenID consumers detect that information. The information can be embedded directly into the site’s HTML code, or in a separate metadata document. OpenID providers need not support every possible discovery method, but since many OpenID consumers only attempt discovery using a subset of the methods, it’s good to support as many as possible.
- content-type
-
The metadata document for the Identifier can be retrieved using HTTP content negotiation by sending the following header in the request:
Accept: application/xrds+xml - xrds-header
-
The URL for the metadata document is advertised in the HTTP response using the following response header:
X-XRDS-Location: http://example.com/path/to/xrds - xrds-html
-
The URL for the metadata document is advertised in the site’s HTML code using the following meta tag:
<meta http-equiv="X-XRDS-Location" content="http://example.com/path/to/xrds" /> - yadis-html
-
Identical to xrds-html, but using an older version of the http-equiv value:
<meta http-equiv="X-YADIS-Location" content="http://example.com/path/to/xrds" /> - openid-html
-
The OpenID server and delegate are advertised in the site’s HTML code using the following to link tags. If the delegate tag is omitted, the URL of the page itself is used.
<link rel="openid.server" href="http://example.com/openid_server" /> <link rel="openid.delegate" href="http://username.example.com/" /> - openid2-html
-
Identical to openid-html but uses rel values that indicate support for OpenID version 2.0.
<link rel="openid2.provider" href="http://example.com/openid_server" /> <link rel="openid2.local_id" href="http://username.example.com/" />
OpenID Protocol Support
As OpenID has matured over the years, multiple versions of the specification have been published. OpenID providers can advertise their support for different OpenID versions using any of the discovery methods above.
In addition, several specifications have been published which extend the functionality of OpenID. All of the OpenID extensions to date must be advertised in the metadata document for the OpenID Identifier.
It is important to note that this table only reflects which OpenID protocol versions and extensions are advertised by the OpenID provider. No attempt has been made to test the actual functionality of these protocols. That being said, it has been my experience OpenID providers do in fact support the protocols advertised.
- signon-10
-
The OpenID provider supports OpenID Authentication 1.0. OpenID 1.0 is wire-compatible with OpenID 1.1. Support for OpenID 1.0 is advertised by the following Service Type URL in the metadata document.
http://openid.net/signon/1.0 - signon-11
-
The OpenID provider supports OpenID Authentication 1.1.
Support for OpenID 1.1 is advertised in the site’s HTML or by the following Service Type URL in the metadata document.http://openid.net/signon/1.1 - signon-20
-
The OpenID provider supports OpenID Authentication 2.0.
OpenID 2.0 is not compatible with OpenID 1.x, though many providers support both protocols simultaneously.
Support for OpenID 2.0 is advertised in the site’s HTML or by the following Service Type URL in the metadata document.http://specs.openid.net/auth/2.0 - sreg-10
-
The OpenID provider supports Simple Registration 1.0.
Support is advertised by the following Service Type URL in the metadata document.http://openid.net/sreg/1.0 - sreg-11
-
The OpenID provider supports Simple Registration 1.1.
Support is advertised by the following Service Type URL in the metadata document.http://openid.net/extensions/sreg/1.1 - ax-10
-
The OpenID provider supports Attribute Exchange 1.0.
Support is advertised by the following Service Type URL in the metadata document.http://openid.net/srv/ax/1.0 - pape
-
The OpenID provider supports one or more of the authentication policies defined in Provider Authentication Policy Extension 1.0.
Support for each authentication policy is advertised individually in the metadata document.Support for “phishing resistant” is advertised using the following Service Type URL.
http://schemas.openid.net/pape/policies/2007/06/phishing-resistantSupport for “multi-factor authentication” is advertised using the following Service Type URL.
http://schemas.openid.net/pape/policies/2007/06/multi-factorSupport for “physical multi-factor authentication” is advertised using the following Service Type URL.
http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical