[OpenID] Interoperability problem with OpenID POST response between myopenid and Google
Andrew Arnott
andrewarnott at gmail.com
Mon Sep 21 15:00:31 UTC 2009
Here are the two tests:
http://test-id.org/RP/POSTAssertionWithUtf8.aspx
http://test-id.org/OP/POSTAssertion.aspx
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Mon, Sep 21, 2009 at 6:53 AM, Andrew Arnott <andrewarnott at gmail.com>wrote:
> *Right*....
> I had that in my head at one point but it slipped my mind. I'll get right
> on that. :)
>
> Thanks.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
>
>
> On Mon, Sep 21, 2009 at 2:13 AM, André Cruz <andre.cruz at co.sapo.pt> wrote:
>
>> Hello Andrew
>>
>> On Sep 20, 2009, at 6:05 , Andrew Arnott wrote:
>>
>> I've finally getting around to writing those UTF-8 signature tests you
>>> asked for. It occurs to me that the only place it matters is in an OP
>>> positive assertion sent via POST. Query strings have very strict rules
>>> about allowable characters and UTF-8 characters will have to be properly
>>> escaped for query string transport, which eliminates any signature issues.
>>> POST however, I think are more capable of carrying UTF-8 payloads. So I'm
>>> designing the UTF-8 signature test to verify that OPs properly sign a
>>> positive assertion from an RP that intentionally encourages the OP to use
>>> POST instead of GET.
>>>
>>> If you think I'm missing something please let me know.
>>>
>>
>> Shouldn't you test the ability of the RPs to correctly verify the
>> signature of the UTF-8 payload as well? Just to close the circle. :)
>>
>> Best regards,
>> André Cruz
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090921/be64b225/attachment.htm>
More information about the general
mailing list