[OpenID] About Facebook, MySpace and OpenID
John Bradley
john.bradley at wingaa.com
Fri Apr 3 23:52:59 UTC 2009
Don't get me started on OPs that are not returning AX attributes in
the signed part of the response:)
Or using deprecated AX URI.
You did get the wire level correct.
It is the higher level User/RP/OP interaction around the notions of
required and if_available where we see divergence between OP's and
corresponding issues with RPs not being certain of what will happen if
they as for required attributes at any given OP.
John Bradley
On 3-Apr-09, at 4:25 PM, Breno de Medeiros wrote:
> It is certainly true of the Google team that we tried to optimize
> the UI for non-OpenID-savvy users (which will be the vast majority
> in our case). It is also true that we thought we were fully
> compliant with the AX spec. To put it another way, RPs that 'break'
> as a result of our behavior would be in violation of the AX spec as
> currently written.
>
>
More information about the general
mailing list