modulus and generator optional in association requests

Johnny Bufu johnny at sxip.com
Tue Mar 20 20:06:38 UTC 2007


Hello list!

The association request [1] seems to be insufficiently specified:  
openid.dh_modulus and openid.dh_gen are not specifically marked as  
optional, so according to the "Protocol Messages" [2] section they  
should be mandatory.

However, while testing the openid4java code [3], it turns out that  
RPs are not always sending these fields, which makes me believe the  
intent of the default values was to make these fields optional in  
association requests.

So I suggest we mark the two fields as OPTIONAL to both clarify the  
usage and be consistent with section 4.1.


Thanks,
Johnny


[1] http://openid.net/specs/openid-authentication-2_0-11.html#anchor19
[2] http://openid.net/specs/openid-authentication-2_0-11.html#anchor4
[3] http://groups.google.com/group/openid4java/browse_thread/thread/ 
f96a7b68bb15272d



More information about the specs mailing list