[Openid-specs-ab] Draft 03

John Bradley jbradley at mac.com
Fri Apr 23 00:05:52 UTC 2010


In 6 Generating Signatures the example it has "alg":"RSA-SHA256"  however the only supported alg is RSA-SHA1.


7.2
The end user's input MUST be normalized into an Identifier, as follows:


If the user's input starts with the "xri://" prefix, it MUST be stripped off.
If the first character of the resulting string is an XRI Global Context Symbol ("=", "@", "+", "$", "!") or "(", as defined in Section 2.2.1 of[XRI_Syntax_2.0], then the input SHOULD be treated as an XRI. Prepend https://xri.net/ to the XRI to make it a URL.
Otherwise, the input SHOULD be treated as an http URL; if it does not include a "http" or "https" scheme, the Identifier MUST be prefixed with the string "http://". If the URL contains a fragment part, it MUST be stripped off together with the fragment delimiter character "#". SeeSection 11.5.2 for more information.
URL Identifiers MUST then be further normalized by both following redirects when retrieving their content and finally applying the rules in Section 6 of [RFC3986] to the final destination URL. This final URL MUST be noted by the Relying Party as the Claimed Identifier and be used when requesting authentication.

7.4  Besides the public key we should allow the RP to list supported encryption alg

7.6

The Artifact Authentication Request MUST contain one openid.artifact OR openid.ppfurl.  Both can not be present in the request.

The openid.rpfurl MUST be https://  ?  I like the hash but it makes the request larger and people won't check it,  I think https: is safer.



7.9
This needs more work I will try and get to it shortly


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20100422/ca915dff/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20100422/ca915dff/attachment.bin>


More information about the Openid-specs-ab mailing list