Request for comments: Sorting fields in signature generation
josh at janrain.com
Wed Sep 27 17:04:22 UTC 2006
On 9/27/06, David Fuelling <sappenin at gmail.com> wrote:
> Just for clarification -- if duplicate parameters of the same name are NOT
> allowed by the spec, would one still be able to encode multiple values in
> the same key/value pair? Wouldn't this accomplish the same result as
> allowing duplicate key names?
OpenID already uses this mechanism. HMAC-SHA1 signatures include a
"signed" list, which is a single value containing a comma-separated
list (response to checkid_setup and checkid_immediate in ,
sreg.required and sreg.optional in ).
This mechanism is simple, transparent and established. This is the
solution I prefer if fields in an OpenID message are multi-valued.
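The mechanism described in this message, as an added example that is not part of the original post or any OpenID library: a multi-valued field travels as one comma-separated value, and the "signed" list both names the fields covered by the HMAC-SHA1 signature and fixes their order, so no sorting is needed. It assumes the OpenID 1.1 key-value token form (`name:value\n` with the `openid.` prefix stripped); the helper names, secret and message values are constructed for illustration.

```python
import base64
import hashlib
import hmac

PREFIX = "openid."

def split_list(value):
    """Decode a multi-valued field carried as one comma-separated value."""
    return [item for item in value.split(",") if item]

def build_message(pairs):
    """Build a message from (key, value) pairs, refusing duplicate keys."""
    message = {}
    for key, value in pairs:
        if key in message:
            raise ValueError("duplicate parameter: " + key)
        message[key] = value
    return message

def token_contents(message, signed):
    """Key-value form of the signed fields, in the order 'signed' lists them."""
    lines = []
    for name in split_list(signed):
        value = message[PREFIX + name]  # KeyError if a listed field is absent
        if ":" in name or "\n" in name or "\n" in value:
            raise ValueError("field cannot be encoded: " + name)
        lines.append(name + ":" + value + "\n")
    return "".join(lines).encode("utf-8")

def sign(message, secret):
    """base64(HMAC-SHA1(secret, token_contents)) over the fields in 'signed'."""
    data = token_contents(message, message[PREFIX + "signed"])
    return base64.b64encode(hmac.new(secret, data, hashlib.sha1).digest()).decode("ascii")

def verify(message, secret):
    """Constant-time comparison of the recomputed and received signatures."""
    received = message.get(PREFIX + "sig", "").encode("utf-8")
    return hmac.compare_digest(sign(message, secret).encode("ascii"), received)

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-association-secret"
RESPONSE = build_message([
    ("openid.mode", "id_res"),
    ("openid.identity", "http://user.example.com/"),
    ("openid.return_to", "http://rp.example.com/return"),
    ("openid.sreg.nickname", "alice"),
    ("openid.signed", "mode,identity,return_to,sreg.nickname"),
])
RESPONSE["openid.sig"] = sign(RESPONSE, SECRET)
```

A field that is not named in "signed" is not covered by the signature, so a verifier should only trust the fields the list names.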