dumb consumer mode, small change:
paul at ciphergoth.org
Wed Jun 8 15:28:50 PDT 2005
Brad Fitzpatrick wrote:
> I assume you take issue with "-" as a magic value.
I don't like magic values if I can avoid them - I'd prefer to use a
separate field to explicitly say you're using dumb mode. If that adds
significant extra complexity, though, let's just use "-".
I notice that you specified assert_identity in the server replies. I'm
not sure I see the value of changing the name between question and
answer. Apart from that field and openid.mode, the client presents to
the server with exactly what it was presented with, whatever that was,
to get the token validity. Here's one weird consequence: normally, if
you receive an openid.signed, the procedure for checking it and
assembling a structure of signed contents is pretty straightforward.
But if you're a server answering a check_authentication request, you
have to convert is_identity to assert_identity first, because the latter
is present in openid.signed but not in the request. This complicates
the semantics of openid.signed somewhat.
Various fields stay the same between request and response, and the
semantics of that field (ie, are we asking or saying about this
identity?) are indicated by openid.mode. Are you sure we need to change it?
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis