[OpenID] Interoperability problem with OpenID POST response between myopenid and Google
André Cruz
andre.cruz at co.sapo.pt
Mon Sep 21 09:13:01 UTC 2009
Hello Andrew
On Sep 20, 2009, at 6:05 , Andrew Arnott wrote:
> I've finally getting around to writing those UTF-8 signature tests
> you asked for. It occurs to me that the only place it matters is in
> an OP positive assertion sent via POST. Query strings have very
> strict rules about allowable characters and UTF-8 characters will
> have to be properly escaped for query string transport, which
> eliminates any signature issues. POST however, I think are more
> capable of carrying UTF-8 payloads. So I'm designing the UTF-8
> signature test to verify that OPs properly sign a positive assertion
> from an RP that intentionally encourages the OP to use POST instead
> of GET.
>
> If you think I'm missing something please let me know.
Shouldn't you test the ability of the RPs to correctly verify the
signature of the UTF-8 payload as well? Just to close the circle. :)
Best regards,
André Cruz
More information about the general
mailing list