OpenID Auth 2.0 and user-agent neutrality (or, OpenID withREST/SOAP)
Recordon, David
drecordon at verisign.com
Mon Nov 20 21:46:56 UTC 2006
Ah ok, forgot about that paragraph.
--David
-----Original Message-----
From: Johnny Bufu [mailto:johnny at sxip.com]
Sent: Monday, November 20, 2006 1:47 PM
To: Recordon, David
Cc: Dick Hardt; specs at openid.net
Subject: Re: OpenID Auth 2.0 and user-agent neutrality (or, OpenID
withREST/SOAP)
David,
On 20-Nov-06, at 1:35 PM, Recordon, David wrote:
> We still need to add rules around what to do if both a GET and POST
> parameter with the same name exist.
This seems to be already covered, under the "HTTP Encoding" section:
When a message is sent as a POST, the application processing
the HTTP request MUST only use the values in the POST body
and MUST ignore any GET parameters.
Not sure if it needs to be emphasized.
Johnny
More information about the specs
mailing list