[OpenID] Attribute Exchange

Armand du Plessis armand at dotnet.org.za
Mon Aug 6 06:28:33 UTC 2007


Hi,

I'm busy extending the ruby-openid library to support the Attribute
Exchange draft for use in one of our sites but have a couple of
questions around it I'm hoping you guys can clarify:

1) Am I correct in saying that the ax, fetch_request and
fetch_response, messages should piggy-back on the OpenID
authentication, checkid_setup, checkid_immidiate and id_res, messages?
At first I thought it would be seperate messages but reading the
section on OpenID extensions it seems it needs to be included in the
same request-response.
2) Some of my attribute exchange responses include quite a lot of
data. If the RP initiated the exchange and included a fetch_request
attribute is it OK for the server to respond with a POST back when the
initial request was a GET?

In the OpenID library I see that if the message was one of the
checkid* it will respond with a http redirect with all the values sent
back in the querystring which in my case would sometimes exceed the
max querystring length. Will a consumer understand the response if
it's sent back as a key/value form? Or what is the preferred mechanism
for doing that? Should I rather included the values in a post back
without bothering the k/v form? The spec is not too clear on this or
it's too early in the morning for me to understand it :)

Any guidance or pointers to samples for implementing the AX extensions
would be really welcome.

Kind regards,

Armand



More information about the general mailing list