modulus and generator optional in association requests
Hello list! The association request [1] seems to be insufficiently specified: openid.dh_modulus and openid.dh_gen are not specifically marked as optional, so according to the Protocol Messages [2] section they should be mandatory. However, while testing the openid4java code [3], it turns out that RPs are not always sending these fields, which makes me believe the intent of the default values was to make these fields optional in association requests. So I suggest we mark the two fields as OPTIONAL to both clarify the usage and be consistent with section 4.1. Thanks, Johnny [1] http://openid.net/specs/openid-authentication-2_0-11.html#anchor19 [2] http://openid.net/specs/openid-authentication-2_0-11.html#anchor4 [3] http://groups.google.com/group/openid4java/browse_thread/thread/ f96a7b68bb15272d ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: modulus and generator optional in association requests
On 3/20/07, Granqvist, Hans [EMAIL PROTECTED] wrote: Once something complex is optional, typically few will implement it, which means you can run into the inverse: implementations that do supply optional values run into parties that cannot treat those values correctly. They are optional in OpenID 1, so the cat's already out of the bag. I see no reason to make them required in OpenID 2, since this case will already need to be implemented. Josh ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
RE: modulus and generator optional in association requests
How did you / others deal with this? There are quite a few ... Same way that you do/propose -- by using the default values if they are not present. -Hans ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs