PROPOSAL: OpenID Form Clarification (A.4)

Recordon, David drecordon at verisign.com
Thu Oct 19 03:58:26 UTC 2006 

In my view, it is because the authentication protocol can proceed with
no problems if this field is named something different.  As things won't
break, as far as the protocol is concerned, this would also be nearly
impossible to enforce or justify.  It is easy to tell a developer to fix
how they're creating signatures, authentication transactions do not
complete, but enforcing convention around form fields seems difficult at
best.  I'd imagine that if a RP does not follow this recommendation then
a rich client should treat it as not being a relying party.

--David

-----Original Message-----
From: Dick Hardt [mailto:dick at sxip.com] 
Sent: Wednesday, October 18, 2006 11:35 PM
To: Recordon, David
Cc: Jonathan Daugherty; specs at openid.net
Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)

Why SHOULD rather then MUST? [1]

What valid reason is there for an RP to not have that field name?

[1] http://www.ietf.org/rfc/rfc2119.txt

-- Dick

On 18-Oct-06, at 1:28 PM, Recordon, David wrote:

> Agreed, just like the spec already says "The form field's "name"
> attribute SHOULD have the value "openid_identifier" as to allow User 
> Agents to automatically prefill the End User's Identifier when 
> visiting a Relying Party."
>
> I'm all for this feature, as well as even identifying the form itself,

> though don't see how it should be a MUST over a SHOULD for a Relying 
> Party.
>
> --David
>
> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On 
> Behalf Of Jonathan Daugherty
> Sent: Wednesday, October 18, 2006 2:33 PM
> To: Dick Hardt
> Cc: specs at openid.net
> Subject: Re: PROPOSAL: OpenID Form Clarification (A.4)
>
> # Proposal
> #
> # Modify 8.1 to:
> # ...
> #
> # The form field's "name" attribute MUST have the value # 
> "openid_identifier" as to allow User Agents to automatically prefill #

> the End User's Identifier when visiting a Relying Party.
>
> This should be a SHOULD, not a MUST.
>
> --
>   Jonathan Daugherty
>   JanRain, Inc.
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>

More information about the specs mailing list