[OpenID] Maximum recommended URI length?
SitG Admin
sysadmin at shadowsinthegarden.com
Thu Aug 7 08:45:03 UTC 2008
If the spec calls for any legal URI, and there is no theoretical
length limit (but a practical limit because of what servers will
allow to get through), how many OpenID servers (OP or RP) "in the
wild" today would pass compatibility testing? I decided to research
this matter more, and found one that seems prepared to fail:
http://code.djangoproject.com/wiki/CookBookShortcutsOpenIDAuthentication
I can't be sure because I don't read Python and I'm not even reading
past that 5th line, but it seems simple enough - the input field for
URI is 30 characters wide and will accept a maximum of 50 characters.
I found something about a 255-byte limit (or 512, or 1024) for
proxies, but this seems to be more about URI's in general and less
about OpenID specifically:
http://www.oreillynet.com/xml/blog/2007/12/question_does_the_uri_length_r.html
And then, finally, I found an earlier thread on this very topic
between Martin Atkins and Brad Fitzpatrick:
http://lists.danga.com/pipermail/yadis/2005-May/000317.html
I just read through the specs for v2.0 (and then searched for '50'
and '255' to make sure I hadn't missed anything), but the only
mention of either is for 'assoc_handle' and 'openid.response_nonce'.
I went back to v1.0 and checked, discovering that there *was* mention
under "Appendix D. Limits":
http://openid.net/specs/openid-authentication-1_1.html#limits
Is there some reason this section was removed under v2.0?
-Shade
More information about the general
mailing list