[OpenID] Mistake in 2.0 spec?
Andrew Arnott
andrewarnott at gmail.com
Wed Aug 27 23:47:28 UTC 2008
Under
http://openid.net/specs/openid-authentication-2_0.html#negative_assertions
14.2.1. Relying PartiesWhen responding with a negative assertion to a
"checkid_immediate" mode authentication request, the "user_setup_url"
parameter MUST be returned. This is a URL that the end user may visit to
complete the request. The *OP *MAY redirect the end user to this URL, or
provide the end user with a link that points to this URL.
Shouldn't this say "The *RP* MAY redirect the end user..." ???
Surely the OP shouldn't ever redirect an immediate request to a
checkid_setup request without RP intervention?!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080827/36d54d10/attachment-0001.htm>
More information about the general
mailing list