modulus and generator optional in association requests
Johnny Bufu
johnny at sxip.com
Tue Mar 20 20:06:38 UTC 2007
Hello list!
The association request [1] seems to be insufficiently specified:
openid.dh_modulus and openid.dh_gen are not specifically marked as
optional, so according to the "Protocol Messages" [2] section they
should be mandatory.
However, while testing the openid4java code [3], it turns out that
RPs are not always sending these fields, which makes me believe the
intent of the default values was to make these fields optional in
association requests.
So I suggest we mark the two fields as OPTIONAL to both clarify the
usage and be consistent with section 4.1.
Thanks,
Johnny
[1] http://openid.net/specs/openid-authentication-2_0-11.html#anchor19
[2] http://openid.net/specs/openid-authentication-2_0-11.html#anchor4
[3] http://groups.google.com/group/openid4java/browse_thread/thread/
f96a7b68bb15272d
More information about the specs
mailing list