+1. Also, there's nothing stopping an unsolicited assertion from including the AX response extension. It can include that as easily as an sreg response extension.<br><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Mon, Dec 1, 2008 at 4:56 PM, Dick Hardt <span dir="ltr"><<a href="mailto:dick.hardt@gmail.com">dick.hardt@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
On 1-Dec-08, at 4:37 PM, Martin Atkins wrote:<br>
<br>
> Peter Williams wrote:<br>
>> Here is a compromise: make it clear that both solicited and<br>
>> unsolicited responses to an auth can bear a ax etension ...<br>
>> alongside the sreg).<br>
>><br>
>> Ax comes across as: ask for auth, get assertion (with sreg), now go<br>
>> back and ask for ax, get ax response (over association keys).<br>
>><br>
><br>
> Is that really what the AX spec describes? That was not my<br>
> interpretation when I read it, but then I may have been reading it<br>
> with<br>
> SREG-tinted glasses.<br>
><br>
> If the AX spec really is suggesting that the attributes be exchanged<br>
> in<br>
> a separate transaction, then we should totally fix that. AX is<br>
> supposed<br>
> to be a superset of the functionality of SREG.<br>
<br>
</div>AX works as you think it works Martin.<br>
<br>
Peter's comments are confusing to me.<br>
<font color="#888888"><br>
-- Dick<br>
</font><div><div></div><div class="Wj3C7c">_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>