[OpenID] SREG 1.x attributes
Peter Williams
pwilliams at rapattoni.com
Tue Dec 2 01:42:25 UTC 2008
At which point there is no reason to overload sreg, since vsas can be sent in the same message ...100 bytes furtheron. Ax attrs need not be "requested" when accompanying an authn assertion (solicited or not).
________________________________
From: Andrew Arnott <andrewarnott at gmail.com>
Sent: Monday, December 01, 2008 5:23 PM
To: Dick Hardt <dick.hardt at gmail.com>
Cc: Martin Atkins <mart at degeneration.co.uk>; general at openid.net <general at openid.net>
Subject: Re: [OpenID] SREG 1.x attributes
+1. Also, there's nothing stopping an unsolicited assertion from including the AX response extension. It can include that as easily as an sreg response extension.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
On Mon, Dec 1, 2008 at 4:56 PM, Dick Hardt <dick.hardt at gmail.com<mailto:dick.hardt at gmail.com>> wrote:
On 1-Dec-08, at 4:37 PM, Martin Atkins wrote:
> Peter Williams wrote:
>> Here is a compromise: make it clear that both solicited and
>> unsolicited responses to an auth can bear a ax etension ...
>> alongside the sreg).
>>
>> Ax comes across as: ask for auth, get assertion (with sreg), now go
>> back and ask for ax, get ax response (over association keys).
>>
>
> Is that really what the AX spec describes? That was not my
> interpretation when I read it, but then I may have been reading it
> with
> SREG-tinted glasses.
>
> If the AX spec really is suggesting that the attributes be exchanged
> in
> a separate transaction, then we should totally fix that. AX is
> supposed
> to be a superset of the functionality of SREG.
AX works as you think it works Martin.
Peter's comments are confusing to me.
-- Dick
_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general
More information about the general
mailing list