[Openid-specs-ab] Key-Value Form Encoding

Nat Sakimura sakimura at gmail.com
Wed Apr 14 08:07:05 UTC 2010


OpenID Authentication 2.0 uses proprietary Key-Value Form Encoding for the
Direct Communication Response.
It has limitations that it cannot wrap the value.
This is potentially a problem for some processors if the value happens
to be a very long string.
In OpenID Authn 2.0, it was not a problem because it was only used for
association
response and for verifying directly with the OpenID Provider where
returned response parameters are ns, is_valid, and invalidate_handle.

In our case, it can potentially be a problem because we carry anything that
an extension carries.

So, I would like to propose using JSON instead of Key-Value Form Encoding.

As you know, they are very close to each other. The delta being,
JSON requires

1) "{" and "}" at the beginning and the end of the file.
2) key and value must be quoted by double quote.

What would be the sentiment of the WG?

-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en


More information about the Openid-specs-ab mailing list