Request for comments: Sorting fields in signature generation
marius at sxip.com
Wed Sep 27 18:27:38 UTC 2006
On 27-Sep-06, at 10:09 AM, Josh Hoyt wrote:
> On 9/27/06, Barry Ferg <barry at sxip.com> wrote:
>> For that matter, isn't having implementation issues in certain
>> restrictive development environments drive the specification kind of
>> like the tail wagging the dog?
> I am attempting to be pragmatic. Why add something to the
> specification that makes it harder to implement, especially in some of
> the most common deployment environments? I mentioned Rails and PHP. We
> (JanRain) have library implementations of OpenID 1.1 for Python, PHP,
> Ruby, Java, .Net, and Perl. The PHP and Ruby libraries are by far the
> most popular of those libraries. I think this is justification for
> taking them into account when deciding whether to add a new
> complication to the specification. Allowing multiple parameters with
> the same name is *a new complication.*
I agree that this is a new complication and that you should always
keep things as simple as possible. But not simpler than that. The
main argument seems to be around what is too simple.
Just to clarify and to make sure we are on the same page here:
1. Both PHP and Rails are using multi value parameters, they are
2. PHP and Rails, and probably other frameworks are using a special
syntax for multi value parameters (parameter names ending with ).
3. Support for the generic multi value parameters seems possible in
PHP (and I assume Rails as well). While this is not trivial it does
not seem terrible hard either.
4. The core spec can stick with single value parameters.
5. Only IdPs will need to deal with parsing multi value parameters,
and requirements for IdPs are higher anyhow.
6. Simple RPs that cannot handle generic multi value parameters will
not use them and everything is fine.
7. The only bigger change in the spec is regarding sorting parameters
for signing. Pretty simple IMHO.
Also, please keep in mind that we are not asking for some fancy new
technology or feature, just conformance with a very basic an wide
spread convention of handling parameters in HTTP/HTML.
More information about the specs