[Openid-specs-ab] Reserved member definitions

Roland Hedberg roland.hedberg at adm.umu.se
Mon Sep 19 07:35:54 UTC 2011


Hi!

As some of you know, I was part of the IETF working group that did the LDAPv3 specification.
One change that was made from X.500 has later been regarded as the worst mistake made by this group.
The change was going from specifying attributes not as OIDs but to instead using English names.

Surname became 'sn' or 'surname' instead of 2.5.4.4.

This has led to innumerable problems and heated debates, mainly due to the inexactness of the English language.
This is of course not specific to English; it is an inherited problem with any natural language.

So I would urge this group to refrain from using the natural language identifiers listed in 
http://openid.net/specs/openid-connect-messages-1_0.html#ClaimTable
and instead use OID:s (as used by X.500) or URI:s (as used by the semantic web).

The simplest change, and my proposal, is to switch to URI:s à la the semantic web.

Hence the on-the-wire name for 'id' will be 'http://openid.net/schema/person#id'.

To keep down the number of bytes transferred, one can allow the definition of the namespace to be part of the response à la RDF/XML:

{
  "namespace": {"ns1": "http://openid.net/schema/person#"},
  "ns1:name": "Jane Doe",
  "ns1:given_name": "Jane",
  "ns1:family_name": "Doe",
  "ns1:email": "janedoe at example.com",
  "ns1:picture": "http://example.com/janedoe/me.jpg"
}

Unfortunately there doesn't seem to be any standard for handling namespaces in JSON.

-- Roland
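
The prefixed response sketched in the message above, expanded on the receiving side. This is an added example, not part of the original message or of any OpenID specification; the function name, the rejection of unprefixed names and the duplicate check are assumptions, and the sample response is constructed from the message's example.

```python
import json

NAMESPACE_MEMBER = "namespace"  # member name taken from the message's example

# Constructed sample, based on the example in the message.
SAMPLE = json.loads("""
{
  "namespace": {"ns1": "http://openid.net/schema/person#"},
  "ns1:name": "Jane Doe",
  "ns1:given_name": "Jane",
  "http://openid.net/schema/person#id": "abc123"
}
""")


def expand_claims(response: dict) -> dict:
    """Return the claims keyed by full URI instead of prefix:name.

    The prefix is chosen by the sender, so a receiver should only ever
    compare claim names after expansion, never on the prefixed form.
    """
    prefixes = response.get(NAMESPACE_MEMBER, {})
    if not isinstance(prefixes, dict):
        raise ValueError("namespace member must be an object")
    expanded = {}
    for key, value in response.items():
        if key == NAMESPACE_MEMBER:
            continue
        if "://" in key:
            uri = key  # already an absolute URI, use as-is
        else:
            prefix, sep, local = key.partition(":")
            # Assumption: names without a declared prefix are rejected
            # rather than guessed at.
            if not sep or prefix not in prefixes:
                raise ValueError(f"undeclared or missing prefix in {key!r}")
            uri = prefixes[prefix] + local
        # Two prefixes may map to the same URI; refuse ambiguous input.
        if uri in expanded:
            raise ValueError(f"duplicate claim after expansion: {uri}")
        expanded[uri] = value
    return expanded


if __name__ == "__main__":
    print(json.dumps(expand_claims(SAMPLE), indent=2))
```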

