[OpenID] Interoperability problem with OpenID POST response between myopenid and Google
Andrew Arnott
andrewarnott at gmail.com
Mon Sep 21 13:53:20 UTC 2009
*Right*....
I had that in my head at one point but it slipped my mind. I'll get right
on that. :)
Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Mon, Sep 21, 2009 at 2:13 AM, André Cruz <andre.cruz at co.sapo.pt> wrote:
> Hello Andrew
>
> On Sep 20, 2009, at 6:05 , Andrew Arnott wrote:
>
> I've finally getting around to writing those UTF-8 signature tests you
>> asked for. It occurs to me that the only place it matters is in an OP
>> positive assertion sent via POST. Query strings have very strict rules
>> about allowable characters and UTF-8 characters will have to be properly
>> escaped for query string transport, which eliminates any signature issues.
>> POST however, I think are more capable of carrying UTF-8 payloads. So I'm
>> designing the UTF-8 signature test to verify that OPs properly sign a
>> positive assertion from an RP that intentionally encourages the OP to use
>> POST instead of GET.
>>
>> If you think I'm missing something please let me know.
>>
>
> Shouldn't you test the ability of the RPs to correctly verify the signature
> of the UTF-8 payload as well? Just to close the circle. :)
>
> Best regards,
> André Cruz
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090921/50693a55/attachment.htm>
More information about the general
mailing list