SREG namespace URI rollback
Johnny Bufu
johnny at sxip.com
Mon Apr 2 21:00:51 UTC 2007
On 2-Apr-07, at 1:17 PM, Josh Hoyt wrote:
> On 4/2/07, Johnny Bufu <johnny at sxip.com> wrote:
>> I think the missing namespace in SREG1.0 can cause problems; take
>> this example:
>
> I was not proposing that we drop the namespace. Just that we don't
> introduce a new URI when the protocol is otherwise identical, and
> instead just use the existing type URI as a namespace URI.
>
> That is, an SREG 1.1 request looks like:
>
> openid.ns.s=http://openid.net/sreg/1.0&openid.s.nickname=j3h
>
> not:
>
> openid.sreg.nickname=j3h
But the OP in my example doesn't supports only SREG1.0, so it will
send the latter. And the RP who sent the request (SREG1.1 only)
assumed that "http://openid.net/sreg/1.0" in the OP's XRDS meant
SREG1.1. So even though both parties do the right thing, the
attribute transfer doesn't happen.
> If you use "sreg" as the namespace alias, SREG 1.1 is identical to
> SREG 1.0.
>
> Is that clearer?
Sorry - I may be missing something, but I still say the problem
remains: if a SREG1.1 party builds a message with a namespace alias
different than "sreg", it can confuse the other party which may be
expecting specifically "sreg".
Or, put it differently, identifying SREG1.1 with the same URI as
SREG1.0 would require all RPs and OPs out there to add the namespace
alias param to their messages, since it is required in OpenID2/
SREG1.1 (and that's what the URI also means).
Johnny
More information about the specs
mailing list