<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
John Panzer wrote:
<blockquote cite="mid45AD071C.3050004@aol.net" type="cite">
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
...<br>
  <br>
I can't find the reference for OpenID Exchange, though -- is there <br>
</blockquote>
Sorry for the spastic email.  But I do have a followup regarding the
reference:<br>
<br>
<a class="moz-txt-link-freetext" href="http://openid.net/wiki/index.php/OpenID_Exchange_1.0">http://openid.net/wiki/index.php/OpenID_Exchange_1.0</a><br>
<blockquote type="cite">Some servers/frameworks do not allow
applications access to the Authorization header</blockquote>
I hope there are no frameworks which block access to Authorization; but
if there are servers, or environments, which want to lock down
authentication/authorization, how would the server administrators react
to a protocol which tunnels around that block?  Or is this a case where
the default setting blocks access to the header for some reason?<br>
<br>
-John<br>
<br>
<br>
<br>
<br>
</body>
</html>