[OpenID] My 2 Cents to the OpenID foundation
mart at degeneration.co.uk
Fri Apr 3 04:41:54 UTC 2009
John Bradley wrote:
> Myspace supports HMAC-SHA256 and DH-SHA256 for openID 2.0 in my testing.
> If they have a openID 2.0 interop issue please let me know and I will
> attempt to capture it in an OSIS interop test. However I am not seeing
> a problem with there associations, or anything else on a quick look.
I suspect the problem, then, is that the RPs I tried only support SHA1.
I know that's certainly true of LiveJournal and TypePad because I know
they run on Net::OpenID::Consumer for Perl, which currently has support
only for SHA1.
I'm intending to give Net::OpenID::Consumer and Net::OpenID::Server a
thorough review in the near future, since this is the second OpenID 2.0
feature I've found to be lacking support.
(The other being support for nonces; having a test for this in the test
suite would be useful, but some RPs may use RP-generated nonces and
ignore the server-provided nonce while still being secure, and it'd be
annoying to have them fail in that case.)
More information about the general