attribute exchange value encoding
Guoping Liu
gliu at pingidentity.com
Tue May 29 04:22:08 UTC 2007
Johnny:
I have a couple comments on Section 3.3.2 Default Encoding of a Binary
Value.
First, the character set of standard Base64 encoding is not URL-safe.
Specifically, '+', '/' and '=' need to be URL-encoded. So, we need to
URL-encode the value after base64 encoding.
Secondly, different platforms may have different binary formats for a
given type of objects. There may be interoperability issues with binary
values across different platforms. We may want to use a string
representation of an object instead of its binary representation, like
in any XML document. For example, for an integer value 1234 of attribute
x we have openid.ax.x=1234. With this we will not need base64 encoding.
But, we will still need URL-encoding.
Regards,
Guoping
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Johnny Bufu
Sent: Thursday, May 24, 2007 6:16 PM
To: OpenID specs list
Subject: attribute exchange value encoding
Hello list,
While at IIW, I asked around what people thought about the encoding
mechanisms we've added recently, in order to allow for transferring
any data types. The consensus was that everyone would prefer
something simpler and lighter.
So I've rewritten the encoding section, such that:
- for strings, only the newline (and percent) characters are required
to be escaped,
(to comply with OpenID's data formats), using percent-encoding;
- base64 must be used for encoding binary data, and defined
an additional field for this:
openid.ax.encoding.<alias>=base64
Please review section 3.3 Attribute Values to see if there are any
issues.
One remaining question is about the choice of encoding for strings.
Percent-encoding (RFC3968) seems the simplest from a spec
perspective, however some libraries provide (better) support for the
older URL-encoding (RFC1738), which throws '+' characters into the
mix. Which do you think would work best for implementers, users, and
would cause less interop problems?
Johnny
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list