attribute exchange value encoding

Guoping Liu gliu at pingidentity.com
Tue May 29 04:22:08 UTC 2007


Johnny:

I have a couple comments on Section 3.3.2 Default Encoding of a Binary
Value. 

First, the character set of standard Base64 encoding is not URL-safe.
Specifically, '+', '/' and '=' need to be URL-encoded. So, we need to
URL-encode the value after base64 encoding. 

Secondly, different platforms may have different binary formats for a
given type of objects. There may be interoperability issues with binary
values across different platforms. We may want to use a string
representation of an object instead of its binary representation, like
in any XML document. For example, for an integer value 1234 of attribute
x we have openid.ax.x=1234. With this we will not need base64 encoding.
But, we will still need URL-encoding.

Regards,
Guoping

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Johnny Bufu
Sent: Thursday, May 24, 2007 6:16 PM
To: OpenID specs list
Subject: attribute exchange value encoding

Hello list,

While at IIW, I asked around what people thought about the encoding  
mechanisms we've added recently, in order to allow for transferring  
any data types. The consensus was that everyone would prefer  
something simpler and lighter.

So I've rewritten the encoding section, such that:

- for strings, only the newline (and percent) characters are required  
to be escaped,
   (to comply with OpenID's data formats), using percent-encoding;

- base64 must be used for encoding binary data, and defined
   an additional field for this:
   	openid.ax.encoding.<alias>=base64


Please review section 3.3 Attribute Values to see if there are any  
issues.


One remaining question is about the choice of encoding for strings.  
Percent-encoding (RFC3968) seems the simplest from a spec  
perspective, however some libraries provide (better) support for the  
older URL-encoding (RFC1738), which throws '+' characters into the  
mix. Which do you think would work best for implementers, users, and  
would cause less interop problems?


Johnny

_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs



More information about the specs mailing list