[OpenID] About Facebook, MySpace and OpenID

John Bradley john.bradley at wingaa.com
Fri Apr 3 23:52:59 UTC 2009

Don't get me started on OPs that are not returning AX attributes in  
the signed part of the response:)

Or using deprecated AX URI.

You did get the wire level correct.

It is the higher level User/RP/OP interaction around the notions of  
required and if_available where we see divergence between OP's and  
corresponding issues with RPs not being certain of what will happen if  
they as for required attributes at any given OP.

John Bradley
On 3-Apr-09, at 4:25 PM, Breno de Medeiros wrote:

> It is certainly true of the Google team that we tried to optimize  
> the UI for non-OpenID-savvy users (which will be the vast majority  
> in our case). It is also true that we thought we were fully  
> compliant with the AX spec. To put it another way, RPs that 'break'  
> as a result of our behavior would be in violation of the AX spec as  
> currently written.

More information about the general mailing list