[OpenID] Can't we make openid.ns.sreg attribute a must in OpenID sreg responses?
Martin Atkins
mart at degeneration.co.uk
Tue Feb 26 18:09:41 UTC 2008
Prabath Siriwardena wrote:
> As per the spec;
> http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
> "openid.ns.sreg" is not an attribute that MUST be included in the response.
>
> The spec says; "An Identity Provider MAY return any subset of the
> following fields in response to the query."
>
> For example; if you get an OpenID from signon.com; and initiate an
> OpenID sreg request; you won't see "openid.ns.sreg" being included in
> the response.
>
> But, this makes life much harder; where we need to differentiate
> sreg responses from ax responses.
>
> Can't we make openid.ns.sreg attribute a must in OpenID sreg responses?
>

Although Simple Registration does not require this itself, the MUST for
this field lives in the OpenID Authentication 2.0 specification under
section 14, "Extensions"[1]:

    "To associate keys and values in a message with an extension, the
    key MUST be associated with the Type URI. To associate keys with a
    Type URI, establish an alias by adding a key prefixed with
    "openid.ns." and ending with the alias text whose value is the Type
    URI."

In an OpenID 1.1 request, the sreg extension is detected through the use
of the "openid.sreg." prefix. In a 2.0 request, the sreg extension is
detected by looking for a namespace alias with the correct namespace URI.

It is not a MUST in the Simple Registration specification because SREG
is specified to work with both OpenID 1.1 and 2.0. You are expected to
use the correct extension mechanism for the version you are using.

[1] http://openid.net/specs/openid-authentication-2_0-10.html#extensions
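
The detection rule described in the reply above, as an added example that is not part of the original message or of any OpenID library: a relying party resolves the alias from the Type URI in a 2.0 response and falls back to the fixed "openid.sreg." prefix only for 1.1. The helper names and the sample responses are constructed for illustration; the AX Type URI is included only to show sreg and ax fields being told apart.

```python
OPENID2_NS = "http://specs.openid.net/auth/2.0"    # openid.ns value in 2.0 messages
SREG_NS = "http://openid.net/extensions/sreg/1.1"  # SREG 1.1 Type URI
AX_NS = "http://openid.net/srv/ax/1.0"             # Attribute Exchange 1.0 Type URI


def extension_fields(params, type_uri, v1_prefix=None):
    """Return {field: value} for the extension identified by type_uri.

    OpenID 2.0: find the alias declared as openid.ns.<alias> = type_uri.
    OpenID 1.1: no namespaces exist, so use the fixed prefix (if any).
    """
    if params.get("openid.ns") == OPENID2_NS:
        aliases = [key[len("openid.ns."):] for key, value in params.items()
                   if key.startswith("openid.ns.") and value == type_uri]
        if not aliases:
            return {}  # undeclared in a 2.0 message: not this extension
        alias = aliases[0]
    elif v1_prefix is not None:
        alias = v1_prefix
    else:
        return {}
    prefix = "openid." + alias + "."
    return {key[len(prefix):]: value for key, value in params.items()
            if key.startswith(prefix)}


def sreg_fields(params):
    return extension_fields(params, SREG_NS, v1_prefix="sreg")


def ax_fields(params):
    # Assumption for this example: AX is only looked up by namespace.
    return extension_fields(params, AX_NS)


# Constructed sample responses (already-decoded query parameters).
V2_ALIASED = {
    "openid.ns": OPENID2_NS, "openid.mode": "id_res",
    "openid.ns.ext0": SREG_NS, "openid.ext0.nickname": "alice",
    "openid.ns.ext1": AX_NS, "openid.ext1.mode": "fetch_response",
    "openid.ext1.value.email": "alice@example.org",
}
V1_RESPONSE = {"openid.mode": "id_res", "openid.sreg.email": "bob@example.org"}
V2_UNDECLARED = {"openid.ns": OPENID2_NS, "openid.mode": "id_res",
                 "openid.sreg.nickname": "carol"}

if __name__ == "__main__":
    for name in ("V2_ALIASED", "V1_RESPONSE", "V2_UNDECLARED"):
        msg = globals()[name]
        print(name, "sreg:", sreg_fields(msg), "ax:", ax_fields(msg))
```

V2_UNDECLARED mirrors the case raised in the quoted question: a 2.0 response carrying "openid.sreg.*" keys without "openid.ns.sreg" yields no sreg fields under the 2.0 rule.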