Few comments on Draft 11
Prasanta Behera
pbehera at yahoo-inc.com
Fri Nov 10 15:57:47 UTC 2006
#1: Section 10.1
> Value: Comma-separated list of signed fields. Note: This entry
> consists of the fields without the "openid." prefix that the signature
> covers. This list
> MUST contain at least "return_to" and "response_nonce", and if present
> in the response, "disco_id" and "identity". For example,
> "identity,disco_id,return_to,response_nonce".
It should be "if present in the response, "disco_id" and/or "identity
... " since identity is an optional field.
#2: Section 11.3
> If the Claimed Identifier was not present in the request
> ("openid.identity" was "http://openid.net/identifier_select/2.0"), the
> Relying Party MUST perform discovery on the Identifier in the response
> to make sure that the IdP is authorized to make assertions about the
> Identifier.
Why does the RP need to do a discovery again on the identifier asserted by the
IDP when the IDP asserted it? (Or maybe I misread it.)
Thanks,
/Prasanta
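
Added example, not part of the original post or of the OpenID specification: a Relying Party-side check of the "openid.signed" list against the rule quoted from Section 10.1, treating "disco_id" and "identity" independently so that either may be absent. The function names and the sample response values are constructed for illustration, and the check does not verify the signature itself.

```python
# Fields the quoted Draft 11 text says the signed list MUST always contain.
REQUIRED = ("return_to", "response_nonce")
# Fields that MUST be in the signed list only if present in the response.
CONDITIONAL = ("disco_id", "identity")


def parse_signed(response):
    """Split the comma-separated openid.signed value into field names."""
    raw = response.get("openid.signed", "")
    return [name for name in raw.split(",") if name]


def check_signed_list(response):
    """Return a list of problems; an empty list means the rule is met."""
    signed = parse_signed(response)
    problems = []
    for name in REQUIRED:
        if name not in signed:
            problems.append(name + " missing from signed list")
    for name in CONDITIONAL:
        # Each conditional field is checked on its own: a response may
        # carry one without the other.
        if "openid." + name in response and name not in signed:
            problems.append(name + " present but not signed")
    return problems


def signed_view(response):
    """Return only the fields the signature covers, so later RP logic
    never reads a value the IdP did not sign."""
    return {
        name: response["openid." + name]
        for name in parse_signed(response)
        if "openid." + name in response
    }


# Constructed sample response: identity is present but left out of the
# signed list, so its value could be altered in transit unnoticed.
SAMPLE_UNSIGNED_IDENTITY = {
    "openid.identity": "http://user.example.com/",
    "openid.return_to": "http://rp.example.com/return",
    "openid.response_nonce": "2006-11-10T15:57:47ZabC123",
    "openid.signed": "return_to,response_nonce",
}

if __name__ == "__main__":
    print(check_signed_list(SAMPLE_UNSIGNED_IDENTITY))
    print(sorted(signed_view(SAMPLE_UNSIGNED_IDENTITY)))
```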