VZ, In my implementation, I default to HMAC_SHA1 if it's 1.1, but I select no default if its 2.0: http://www.packetizer.com/security/openid/
I suspect that was my interpretation of the spec when I wrote the code. If the dh_* parameters are missing, I assume the defaults specified in the spec. Paul > -----Original Message----- > From: [email protected] [mailto:openid-specs- > [email protected]] On Behalf Of Vlastimil Zíma > Sent: Monday, June 06, 2011 11:30 AM > To: [email protected] > Subject: OpenID Authentication 2.0 spec clarification - does assoc_type > have default value > > Hello, > > in OpenID specs 2.0 all request parameter are required unless opposite > is said. Does it includes "openid.assoc_type" in association requests? > It had default in specs 1.1, but it does not have one now. > > What is proper response to request without assoc_type? > > Parameters "openid.dh_modulus" and "openid.dh_gen" are not marked as > optional as well, but they have default values mentioned in > specification. > > Can someone clarify this, please? > > VZ > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
