[OpenID] SREG 1.x attributes
Martin Atkins
mart at degeneration.co.uk
Tue Dec 2 00:37:09 UTC 2008
Peter Williams wrote:
> Here is a compromise: make it clear that both solicited and unsolicited responses to an auth can bear a ax etension ... alongside the sreg).
>
> Ax comes across as: ask for auth, get assertion (with sreg), now go back and ask for ax, get ax response (over association keys).
>
Is that really what the AX spec describes? That was not my
interpretation when I read it, but then I may have been reading it with
SREG-tinted glasses.
If the AX spec really is suggesting that the attributes be exchanged in
a separate transaction, then we should totally fix that. AX is supposed
to be a superset of the functionality of SREG.
More information about the general
mailing list