Request for comments: Sorting fields in signature generation - Call for votes

Dick Hardt dick at sxip.com
Wed Sep 27 19:29:40 UTC 2006


On 27-Sep-06, at 12:20 PM, Josh Hoyt wrote:

> On 9/27/06, Marius Scurtescu <marius at sxip.com> wrote:
>> please keep in mind that we are not asking for some fancy new
>> technology or feature, just conformance with a very basic an wide
>> spread convention of handling parameters in HTTP/HTML.

This issue was brought up because the signing algorithm assumes there  
is only one parameter of a given name.

If the SIGNALL algorithm took all the name / value pairs and sorted  
them by byte order, then concatenated them, this would not be an  
issue. If there is a need for multiple parameters in a message in the  
future, it can be done, and this algorithm means the openid.signed  
parameter is not needed. That would seem to be a simpler algorithm  
and solution.





More information about the specs mailing list