[OpenID] Simple Registration Extension 1.1 draft 1
Kevin Turner
kevin at janrain.com
Tue Sep 11 23:36:51 UTC 2007
On Tue, 2007-09-11 at 14:51 +0100, Jack wrote:
> ".sreg" part is going to depend on the namespace mapping that is defined
> by the "openid.ns.something" parameter. And so the part called
> "openid.ns.sreg" _IS_ required, although it might actually be
> "openid.ns.something" - the other parts cannot be evaluated without the
> namespace declaration.
This is dependent on the version of OpenID you are using. Version 1.x
does not require openid.ns, version 2.0 requires it for all extensions.
See
http://openid.net/specs/openid-authentication-2_0-12.html#extensions
This applies to your comments about the presence or absence of the
namespace field in the response message as well.
> 2. In S4 it says:
> "The behavior in the case of missing required fields or extra,
> unrequested fields is up to the Consumer."
>
> This presumably also applies to missing optional fields. So it seems
> that, as far as the protocol is concerned, optional and required fields
> are equivalent.
This is true, but making a distinction between the two allows for the
provider to show a UI hint.
> Is there a requirement that the namespace label in the response should
> have the same value as it had in the request? That is, should an RP be
> prepared for the label to have changed?
That's really the only sane way to write an OpenID 2.0 message parser.
The label is only meaningful in the context of that one message, and
it's nothing more than an alias.
More information about the general
mailing list