[OpenID] Mistake in 2.0 spec?
David Recordon
drecordon at sixapart.com
Thu Aug 28 18:34:46 UTC 2008
Good call, I've fixed this in the SVN trunk so it will get wrapped
into whatever the next spec version ends up being.
http://svn.openid.net/diff.php?repname=specifications&path=%2Fauthentication%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=397&sc=0
Thanks,
--David
On Aug 27, 2008, at 4:47 PM, Andrew Arnott wrote:
> Under http://openid.net/specs/openid-authentication-2_0.html#negative_assertions
> 14.2.1. Relying Parties
>
> When responding with a negative assertion to a "checkid_immediate"
> mode authentication request, the "user_setup_url" parameter MUST be
> returned. This is a URL that the end user may visit to complete the
> request. The OP MAY redirect the end user to this URL, or provide
> the end user with a link that points to this URL.
>
> Shouldn't this say "The RP MAY redirect the end user..." ???
>
> Surely the OP shouldn't ever redirect an immediate request to a
> checkid_setup request without RP intervention?!
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080828/ce716756/attachment-0002.htm>
More information about the general
mailing list