On Apr 19, 2007, at 10:46 AM, Josh Hoyt wrote:
On 4/19/07, Marius Scurtescu [EMAIL PROTECTED] wrote:
I think we do need pre-URL-encoding, mainly because of signatures.
In order to calculate the signature the parameters must be put
together in a special way and new line characters are not
On Apr 9, 2007, at 9:45 AM, Brian Hernacki wrote:
For what it's worth, as an implementer...
I think it makes sense to come to agreement within the OpenID
community and get something working first. While I appreciate the
issues involved with having multiple protocols and attribute
On Sat, 2007-04-07 at 11:43 +0100, Martin Atkins wrote:
Douglas Otis wrote:
For clarity, OpenID Authentication 2.0 - Draft 11 4.1.1. Key-Value
Form Encoding should change to something like Keyword-Value Form
Encoding. Avoid using the word key to mean field or label
On Sat, 2007-04-07 at 08:58 -0700, Douglas Otis wrote:
Oops. I missed two references to keys.
---
4.1. Protocol Messages
The OpenID Authentication protocol messages are mappings of plain-text
labels to plain-text values. The labels and values permit the full
Unicode character set (UCS). When
On Sat, 2007-04-07 at 10:30 -0700, Josh Hoyt wrote:
On 4/7/07, Douglas Otis [EMAIL PROTECTED] wrote:
This would then require all locations that use the term key when
referring to a field label to be changed to label
-1
If it needs to be changed, Martin's suggestion of name instead
On Sat, 2007-04-07 at 18:22 -0700, Douglas Otis wrote:
Oops.
4.1. Protocol Messages (second paragraph)
Messages MUST NOT contain multiple values within the same field name.
Messages MUST NOT contain message parameters with the same field name.
-Doug
On Apr 5, 2007, at 3:49 AM, Vinay Gupta wrote:
On Apr 5, 2007, at 10:40 AM, Douglas Otis wrote:
Although the world demands GUI, terminal interfaces already offer
a powerful set of tools for doing exactly what is needed. Public
key cryptography reduces the overhead and security concerns
On Wed, 2007-04-04 at 20:02 +, Vinay Gupta wrote:
On Apr 4, 2007, at 7:43 PM, Douglas Otis wrote:
Hm. Well, I don't to suggest that we tear off fixing or expressing
the whole semantics of PKI, but I do think that some care should be
taken to make sure that it's clear what the security
On Apr 4, 2007, at 12:45 AM, Martin Atkins wrote:
Anders Feder wrote:
Imagine an RP requesting your bank account number X from your OP.
Time
goes by, and your OP goes out of business. Later, you switch banks
and
your account number X is assigned to someone else. In the
meantime,
On Apr 4, 2007, at 11:44 AM, Vinay Gupta wrote:
On Apr 4, 2007, at 6:13 PM, Douglas Otis wrote:
There could be keys used to authorize some other automated
service, or to act as a replacement for OpenID once the key has
been established. One might be defined for email, IM, VoIP, etc
10 matches
Mail list logo