some questions on OpenID AX 1.0 draft 4

Mark Wahl Mark.Wahl at informed-control.com
Thu Apr 12 16:04:06 UTC 2007


Dick Hardt wrote:

>>How does an RP delete an attribute when updating information on the
>>OP?
> 
> 
> The OP is not a repository for the RP. It is a repository for the  
> user. RPs store data at the OP that the user might find useful  
> somewhere else.

But wouldn't the RP want to be able to say "this data is no longer
useful."  Maybe the user-RP relationship is being terminated or
changed (e.g. an employee is being turned into a former-employee,
so the employeeNumber that the RP stored for the user at the OP is
going away.)

> 
>>Presumably RFC 2482 characters (plane 14 language tags) are OK?  Or are
>>language tags of values carried through some other means?
> 
> 
> UTF-8 would preclude language tags would it not?

I don't think so - There is a language tag plane in UCS-2 which
can be expressed in UTF-8.

>>How can the RP determine the maximum value length that an OP will
>>support for a particular attribute?
> 
> 
> no upper limit defined ... suggestions?

I'll comment on this in the metadata discussion.

>>What is the maximum length of an alias string that an RP can expect
>>an OP to support?
> 
> suggestions?

I'd allow at least 10 characters.

>>8. Section 6.1 states that "openid.ax.value.<alias> assigns a value to the
>>attribute referred to as <alias>."
>>
>>Is an OP receiving a store response required to save the alias provided by
>>the RP for any purpose, or is the alias merely used in a particular protocol
>>interaction?
> 
> 
> alias is just for the protocol

Thanks for the clarification.  Might be good to note this in the
spec so that RP implementors don't assume that the alias is getting
preserved.

> 
>>9. Section 6.1 states that "openid.ax.value.<alias>.<number> assigns a value
>>to the attribute referred to as <alias>. The <number> uniquely identifies the
>>index of the value, ranging from one to the value specified by
>>"openid.ax.count.<alias>".
>>
>>Is the OP required to preserve the order?

> no

OK. Might be good to note this in the spec.

>>10. Is it legal for the values of a multi-valued attribute to be bytewise
>>identical, e.g.:
>>
>>openid.ax.value.fav_movie.1=Movie1
>>openid.ax.value.fav_movie.2=Movie1
> 
> 
> good question. What do you think?

If the only modification operation is 'replace all existing values
with these new values' then this isn't a problem and could be
allowed.  However I'd suggest the spec should say that OPs are
free to replace multiple values which compare for equality with a
single value.

>>11. How can the RP determine the maximum value count that an OP will support?
>
> not defined -- suggestion?

I'll add OpenID as also needing cardinality of attributes in the
metadata discussion topics for idschemas - LDAP and Higgins have
this issue as well.

Mark Wahl
Informed Control Inc.
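
The store-handling points discussed in this thread (alias used only within the protocol exchange, order not preserved, equal values collapsed, and limits the draft leaves undefined), as an added example that is not part of the original message or of any OpenID implementation. The numeric limits, the alias syntax, the function name and the example.com type URIs are assumptions; `openid.ax.type.<alias>` is the AX parameter that binds an alias to an attribute type URI.

```python
import re

# Assumed local limits: the draft defines none (the reply only suggests that
# aliases of at least 10 characters be supported).
MAX_ALIAS_LEN, MAX_VALUES, MAX_VALUE_BYTES = 32, 16, 1024
ALIAS_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumed alias syntax
TYPE_PREFIX = "openid.ax.type."

def parse_store(params):
    """Return {type_uri: [values]} from the AX parameters of a store request."""
    stored = {}
    for key, type_uri in params.items():
        if not key.startswith(TYPE_PREFIX):
            continue
        alias = key[len(TYPE_PREFIX):]
        if len(alias) > MAX_ALIAS_LEN or not ALIAS_RE.fullmatch(alias):
            raise ValueError("unacceptable alias")
        count = params.get("openid.ax.count." + alias)
        try:
            if count is None:  # single-valued form
                values = [params["openid.ax.value." + alias]]
            else:              # indexed form, numbered 1..count
                if not (count.isascii() and count.isdigit()):
                    raise ValueError("count is not a number")
                if int(count) > MAX_VALUES:
                    raise ValueError("too many values")
                values = [params["openid.ax.value.%s.%d" % (alias, i)]
                          for i in range(1, int(count) + 1)]
        except KeyError as missing:
            raise ValueError("missing parameter %s" % missing)
        if any(len(v.encode("utf-8")) > MAX_VALUE_BYTES for v in values):
            raise ValueError("value too long")
        # Keyed by type URI: the alias is not kept after this request.
        # Stored as a sorted set: duplicates collapse, request order is dropped.
        stored[type_uri] = sorted(set(values))
    return stored

# Constructed sample request parameters (type URIs are placeholders).
SAMPLE = {
    "openid.ax.type.fav_movie": "http://example.com/schema/fav_movie",
    "openid.ax.count.fav_movie": "3",
    "openid.ax.value.fav_movie.1": "Movie1",
    "openid.ax.value.fav_movie.2": "Movie1",
    "openid.ax.value.fav_movie.3": "Movie0",
    "openid.ax.type.emp": "http://example.com/schema/employeeNumber",
    "openid.ax.value.emp": "12345",
}

if __name__ == "__main__":
    print(parse_store(SAMPLE))
```
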
