Request for comments: Sorting fields in signature generation

Josh Hoyt josh at janrain.com
Tue Sep 26 23:48:18 UTC 2006


On 9/26/06, Marius Scurtescu <marius at sxip.com> wrote:
> > Pass-through parameters are *not part of any OpenID specification.*
>
> They are not, but in order to be able to pass them through you have
> to be able to deal with them. Also, you may have to sign them as well.

No one has written a proposal for pass-through arguments and it's not
in any specification, so it's hard to answer your objection. If
someone were to propose adding pass-through parameters to the
specification, I would argue that:

a) Including the pass-through arguments in the OpenID signature is not
necessary (or constructive!)
b) It is quite reasonable to restrict them to only one value per parameter name.

Josh



More information about the specs mailing list