[OpenID] making OpenId RESTful
Pat Cappelaere
pat at cappelaere.com
Thu Jan 21 03:25:11 UTC 2010
Tom,
On Jan 20, 2010, at 9:48 PM, Allen Tom wrote:
> [Moving this thread from openid-general to openid-specs]
>
>
> On 1/19/10 6:23 AM, "Story Henry" <henry.story at bblfish.net> wrote:
>
>
>> b. the data format is a name value pair with no global namespace. This is
>> very limited compared to RDF and creates a very heavy extensibility bottleneck
>> c. The data has to be passed inside the redirected URL. So the amount of
>> data that can be exchanged is limited to a max of 1024 bytes.
>
> Hi Henry,
>
> The lack of a standard schema, and the max URL sizelimit (I believe 2048
> bytes is the max) needs to be fixed.
>
> Having no standard schema causes interop problems. Defining a basic set of
> commonly used attributes (similar to what was previously done for Simple
> Registration) should be done in AX 1.1
>
There is no such thing as commonly used attributes. We do use a lot of extended attributes for our particular application at NASA. We need to make sure people can still extend at will.
> The redirect URL sizelimit can theoretically be worked around by switching
> to HTTP POST - however this does not work acceptably in real-world
> deployments because most RPs don't support HTTPS. Returning the response via
> HTTP POST from an OP that supports HTTPS to an RP that uses an HTTP
> return_to URL results in a scary browser security warning displayed to the
> user. Displaying a security warning to the user is an unacceptable UX.
>
> I think the quick hack that will be done in AX 1.1 will be to make the
> standard AX attribute names a lot shorter - I believe that it was suggested
> (half jokingly) that we use bit.ly URLs. Another possible approach would be
> to define the attribute aliases supported by the OP in the OP's discovery
> document.
Does not sound very appealing. Are you sure you do not want to consider Henry's approach using FOAF? It would solve your standard schema/interop/extensibility issue.
Thanks,
Pat/
More information about the specs
mailing list