[OpenID] general Digest, Vol 29, Issue 38
John Bradley
john.bradley at wingaa.com
Thu Jan 8 19:08:47 UTC 2009
Hi Chris,
Yes it is a problem I have detected with a number of RP libs.
I did a test for openID delegation via rel links for the last OSIS
interop
http://osis.idcommons.net/wiki/I5:FeatureTest-OpenID_2.0_Relying_Party_openID_2.0_delegations_via_rel_links
One of the leading causes of delegation failure I have seen is using
<link rel="me openid.delegate" href="http://thread-safe.net" />
A number of the libs I discovered were trying to use regex to find the
openid.delegate in a too restrictive way.
I will expand the test cases for I5 and try to catch this behavior.
Regards
=jbradley
On 8-Jan-09, at 1:21 PM, general-request at openid.net wrote:
> Message: 1
> Date: Thu, 8 Jan 2009 00:58:45 -0800
> From: "Chris Messina" <chris.messina at gmail.com>
> Subject: [OpenID] HTML-Based Discovery incompatibilities
> To: "general at openid.net List" <general at openid.net>
> Message-ID:
> <1bc4603e0901080058u2ae8f88dw87f268460e1605c8 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I just read over SS 7.3.3 on HTML-Based Discovery [1], and
> considering my
> experience today trying to re-delegate my OpenID, I've discovered
> that this
> section needs to updated a clarified.
>
> It turns out that relying parties are not parsing HTML rel values in a
> standard way. That is, if there is more than one rel value provided
> for a
> link, some RPs fail, whereas others work fine.
>
> In other words, this:
>
> <link rel="openid2.provider openid.server" href="
> http://factoryjoe.com/blog/" />
> <link rel="openid2.local_id openid.delegate" href="
> http://factoryjoe.com/blog/" />
>
> is not the same as this:
>
> <link rel="openid2.provider" href="
> http://factoryjoe.com/blog/?openid_server=1" />
> <link rel="openid2.local_id" href="
> http://factoryjoe.com/blog/author/factoryjoe/" />
> <link rel="openid.server" href="
> http://factoryjoe.com/blog/?openid_server=1" />
> <link rel="openid.delegate" href="
> http://factoryjoe.com/blog/author/factoryjoe/" />
>
> It's my understanding that the rel attribute should be able to contain
> several values.
> But I can tell you that IntenseDebate, for example, failed when
> delegation
> was setup using the former code. It only worked when I broke out the
> two
> links into four.
>
> I'm not sure if this is an issue with the libraries or what, but I'd
> like to
> know if other people have experienced this problem, and if we can
> improve
> the language in the spec to make sure that people understand that
> they need
> to look for the presence of an element in a rel value -- not that the
> *entire* value is one element.
>
> Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090108/76177c65/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2486 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090108/76177c65/attachment-0002.bin>
More information about the general
mailing list