attribute exchange draft 4 review
Johnny Bufu
johnny at sxip.com
Fri Feb 9 22:32:52 UTC 2007
Hello list!
While reviewing our AX implementation, I came across a case where the
spec is not clear enough:
openid.ax.required
The value of this parameter is an attribute alias, or a list
of aliases corresponding to the URIs defined by
"openid.ax.type.<alias>" parameters. The OpenID Provider
MUST provide the identity information specified in this
parameter or return an error condition.
The error condition that the OP is supposed to return is not fully
specified. We mention in the overview section that standard OpenID
error messages should be used, but those would indicate a core /
authentication failure.
My question is how would you, as an implementer on the RP side,
prefer to be notified that the user / OP were not willing / able to
supply a required attribute?
Thanks,
Johnny
More information about the specs
mailing list