Request for comments: Sorting fields in signature generation -Call for votes

Recordon, David drecordon at verisign.com
Wed Sep 27 20:12:47 UTC 2006


I don't think multiple parameters with the same name should be
completely disallowed, rather that section 7.1 should strongly
discourage their use.  I agree that from the core authentication
standpoint they aren't needed today, though do understand that in the
future there may be a compelling use case for them.  I believe the
simplicity that is offered from not supporting them out weighs the
benefit of form handling with existing forms.

So +1 to tightening up section 7.1, but -1 to it specifically allowing
multiple parameters with the same name.  I believe the wording should be
such that it is "strongly NOT RECOMMENDED that extensions to OpenID
Authentication utilize GET or POST parameters with the same name".

Brad, thoughts?

--David 

-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Josh Hoyt
Sent: Wednesday, September 27, 2006 12:20 PM
To: Marius Scurtescu
Cc: specs at openid.net
Subject: Re: Request for comments: Sorting fields in signature
generation -Call for votes

On 9/27/06, Marius Scurtescu <marius at sxip.com> wrote:
> please keep in mind that we are not asking for some fancy new 
> technology or feature, just conformance with a very basic an wide 
> spread convention of handling parameters in HTTP/HTML.

As Kevin pointed out, we are not working on the HTTP/HTML form
processing specification. We are working on an authentication protocol.
Restricting the protocol to forbid multiple parameters with the same
name does not break conformance with anything.

I think that we have discussed the majority of the technical issues
regarding multiple parameters with the same name. I could respond to
your individual points, but I don't think that would get us any closer
to agreement.

Can we get +1/-1 on multiple parameters with the same name from people
without @sxip.com or @janrain.com e-mail addresses?

Clearly, we (JanRain) are -1.

Josh
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs




More information about the specs mailing list