password-free login without SSL and OP reliance (an anti-phishing solution)
Douglas Otis
dotis at mail-abuse.org
Sat Apr 7 15:58:28 UTC 2007
On Sat, 2007-04-07 at 11:43 +0100, Martin Atkins wrote:
> Douglas Otis wrote:
> >
> > For clarity, OpenID Authentication 2.0 - Draft 11 "4.1.1. Key-Value
> > Form Encoding" should change to something like "Keyword-Value Form
> > Encoding". Avoid using the word "key" to mean field or label. This
> > will cause confusion.
> >
>
> While I believe that "key-value pairs" is a common enough term that
> confusion is unlikely by any knowledgeable developer, I suggest that if
> it be changed it be changed to "name-value form encoding", since I think
> this is more commonly used than "keyword-value".
For me, the term key-value was a bit confusing because it was not
explicit.
This term "key" currently refers to either fields or sub-fields in
sections 4.1.2., 5.1.1., 5.1.2., 5.1.2.2., 5.2., 7.1., 10.1., 11.2.,
11.4.1., 11.4.2.1., 14.2., 15.1.2.
There are sub-fields identified as "name" where the term name would get
confusing in sections 5.2.2., 7.1., 9.2., 12. and A.5.
How about this:
---
4.1. Protocol Messages
The OpenID Authentication protocol messages are mappings of plain-text
labels to plain-text values. The keys and values permit the full Unicode
character set (UCS). When the keys and values need to be converted
to/from bytes, they MUST be encoded using UTF-8(Yergeau, F., “UTF-8, a
transformation format of Unicode and ISO 10646,” .) [RFC3629].
Messages MUST NOT contain multiple parameters with the same label.
Throughout this document, all OpenID message parameters are REQUIRED,
unless specifically marked as OPTIONAL.
4.1.1. Label-Value Form Encoding
A message in Label-Value form is a sequence of lines. Each line begins
with a field label, followed by a colon, and the value associated with
the label. The line is terminated by a single newline (UCS codepoint 10,
"\n"). A label or value MUST NOT contain a newline and a label also MUST
NOT contain a colon.
Additional characters, including whitespace, MUST NOT be added before or
after the colon or newline. The message MUST be encoded in UTF-8 to
produce a byte string.
Label-Value Form encoding is used for signature calculation and for
direct responses(Direct Response) to Relying Parties. For brevity, this
specification may refer to sub-components of the label. For example,
the field label "openid.mode" may be referenced as just "mode".
---
This would then require all locations that use the term "key" when
referring to a field label to be changed to "label".
-Doug
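
The Label-Value form proposed in the message above, as an added example that is not part of the original post or of any OpenID library: a strict encoder and parser that enforce the stated rules (no newline in a label or value, no colon in a label, no repeated label, no added whitespace, UTF-8 bytes). The names `encode`, `decode` and `LabelValueError` and the sample message are constructed for illustration.

```python
class LabelValueError(ValueError):
    """Raised when a message violates the Label-Value form rules."""


def encode(pairs):
    """Encode an ordered list of (label, value) pairs to UTF-8 bytes."""
    seen, lines = set(), []
    for label, value in pairs:
        if "\n" in label or ":" in label:
            raise LabelValueError(f"illegal character in label {label!r}")
        if "\n" in value:
            raise LabelValueError(f"newline in value for {label!r}")
        if label in seen:
            raise LabelValueError(f"duplicate label {label!r}")
        seen.add(label)
        # Nothing is added around the colon or the newline.
        lines.append(f"{label}:{value}\n")
    return "".join(lines).encode("utf-8")


def decode(data):
    """Parse UTF-8 bytes into an ordered list of (label, value) pairs."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise LabelValueError("message is not valid UTF-8") from exc
    if text and not text.endswith("\n"):
        raise LabelValueError("last line is not newline-terminated")
    pairs, seen = [], set()
    for line in text.split("\n")[:-1]:
        # Only the first colon separates; later colons belong to the value.
        label, sep, value = line.partition(":")
        if not sep:
            raise LabelValueError(f"line without colon: {line!r}")
        if label in seen:
            raise LabelValueError(f"duplicate label {label!r}")
        seen.add(label)
        pairs.append((label, value))  # whitespace is kept, never stripped
    return pairs


if __name__ == "__main__":
    # Constructed sample message; labels and values are illustrative only.
    sample = [("mode", "id_res"), ("return_to", "http://rp.example/cb?x=1")]
    wire = encode(sample)
    print(wire)
    print(decode(wire) == sample)
```

Because the same byte string is what gets signed, the parser rejects input rather than normalizing it: a stripped space or a silently merged duplicate label would make the verified bytes differ from the parsed message.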