[OpenID] About Facebook, MySpace and OpenID
john.bradley at wingaa.com
Fri Apr 3 23:52:59 UTC 2009
Don't get me started on OPs that are not returning AX attributes in
the signed part of the response:)
Or using deprecated AX URI.
You did get the wire level correct.
It is the higher level User/RP/OP interaction around the notions of
required and if_available where we see divergence between OP's and
corresponding issues with RPs not being certain of what will happen if
they as for required attributes at any given OP.
On 3-Apr-09, at 4:25 PM, Breno de Medeiros wrote:
> It is certainly true of the Google team that we tried to optimize
> the UI for non-OpenID-savvy users (which will be the vast majority
> in our case). It is also true that we thought we were fully
> compliant with the AX spec. To put it another way, RPs that 'break'
> as a result of our behavior would be in violation of the AX spec as
> currently written.
More information about the general