dumb consumer mode, small change:

Paul Crowley paul at ciphergoth.org
Wed Jun 8 15:28:50 PDT 2005

Brad Fitzpatrick wrote:
> I assume you take issue with "-" as a magic value.

I don't like magic values if I can avoid them - I'd prefer to use a 
separate field to explicitly say you're using dumb mode.  If that adds 
significant extra complexity, though, let's just use "-".

I notice that you specified assert_identity in the server replies.  I'm 
not sure I see the value of changing the name between question and 
answer.  Apart from that field and openid.mode, the client presents to 
the server with exactly what it was presented with, whatever that was, 
to get the token validity.  Here's one weird consequence: normally, if 
you receive an openid.signed, the procedure for checking it and 
assembling a structure of signed contents is pretty straightforward. 
But if you're a server answering a check_authentication request, you 
have to convert is_identity to assert_identity first, because the latter 
is present in openid.signed but not in the request.  This complicates 
the semantics of openid.signed somewhat.

Various fields stay the same between request and response, and the 
semantics of that field (ie, are we asking or saying about this 
identity?) are indicated by openid.mode.  Are you sure we need to change it?
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list