Extensions key prefix

Rowan Kerr rowan at sxip.com
Wed Mar 14 00:05:15 UTC 2007


In all my time spent reading and implementing the OpenID Authn 2  
spec, this particular detail escaped me. Johnny Bufu pointed it out  
to me the other day while we were going through some Attribute  
Exchange tests.

http://openid.net/specs/openid-authentication-2_0-11.html#extensions

"To associate keys with a Type URI, establish an alias by adding a  
key prefixed with "openid.ns." and ending with the alias text whose  
value is the Type URI."

I never picked up on the fact that these aliases can be dynamic on a  
per-server or actually per-message basis, and assumed the key  
prefixes listed in the extension specs were what one could expect to  
see in a message.

This affects all proposed extensions to OpenID 2.0...
i.e. While the spec for Attribute Exchange uses "openid.ax" for its  
message keys, and Simple Reg 1.1 uses "openid.sreg", in reality the  
keys received in a message are determined by whatever comes after the  
key openid.ns.* where the value is the URI of the extension putting  
data into those keys.

So, openid.ns.ax = http://openid.net/srv/ax/1.0 implies  
openid.ax.required.

But it could just as easily be openid.ns.foo = http://openid.net/srv/ax/1.0
in which case, your sreg values would be in keys named openid.foo.*

Is this clear to everyone else? It makes sense to me now, but I think  
it should be made more clear in the main spec, and perhaps the  
extension specs could move away from hardcoding the openid.ns.* and  
use an obvious placeholder string.

-Rowan
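
The alias lookup described in the message above, as an added example that is not part of the original post or of any OpenID library: the receiver finds the extension's keys by its Type URI instead of a fixed prefix. The function names, the sample messages and the `example.com` Type URI are assumptions made for illustration.

```python
AX_TYPE_URI = "http://openid.net/srv/ax/1.0"  # Type URI as quoted in the post
NS_PREFIX = "openid.ns."


def extension_aliases(message):
    """Map each Type URI declared in this message to the alias bound to it."""
    aliases = {}
    for key, value in message.items():
        if not key.startswith(NS_PREFIX):
            continue
        alias = key[len(NS_PREFIX):]
        # Defensive choices of this example: reject empty or dotted aliases and
        # a Type URI declared twice, since either makes the key mapping ambiguous.
        if not alias or "." in alias or value in aliases:
            raise ValueError(f"ambiguous extension declaration: {key}")
        aliases[value] = alias
    return aliases


def extension_args(message, type_uri):
    """Return the extension's fields with the per-message alias stripped.

    Returns None when the message never declares type_uri, so the caller
    does not fall back to guessing a prefix such as "openid.ax.".
    """
    alias = extension_aliases(message).get(type_uri)
    if alias is None:
        return None
    prefix = f"openid.{alias}."
    return {k[len(prefix):]: v for k, v in message.items() if k.startswith(prefix)}


# Constructed sample messages (not captured traffic).
MSG_AX = {"openid.ns.ax": AX_TYPE_URI, "openid.ax.required": "email"}
MSG_FOO = {"openid.ns.foo": AX_TYPE_URI, "openid.foo.required": "email"}
# "ax" is bound to a different (hypothetical) Type URI here.
MSG_OTHER = {"openid.ns.ax": "http://example.com/other-ext/1.0",
             "openid.ax.required": "email"}

if __name__ == "__main__":
    for msg in (MSG_AX, MSG_FOO, MSG_OTHER):
        print(extension_args(msg, AX_TYPE_URI))
```

The third message is the case a hardcoded `openid.ax.` prefix gets wrong: the keys look like Attribute Exchange fields, but the message binds that alias to another extension, so the lookup by Type URI returns nothing.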



