<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Good call, I've fixed this in the SVN trunk so it will get wrapped into whatever the next spec version ends up being.<div><a href="http://svn.openid.net/diff.php?repname=specifications&path=%2Fauthentication%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=397&sc=0">http://svn.openid.net/diff.php?repname=specifications&path=%2Fauthentication%2F2.0%2Ftrunk%2Fopenid-authentication.xml&rev=397&sc=0</a><br><div><br></div><div>Thanks,</div><div>--David</div><div><br></div></div><div><div>On Aug 27, 2008, at 4:47 PM, Andrew Arnott wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Under <a href="http://openid.net/specs/openid-authentication-2_0.html#negative_assertions">http://openid.net/specs/openid-authentication-2_0.html#negative_assertions</a><br><h3><a href="http://14.2.1.">14.2.1.</a> Relying Parties</h3>When responding with a negative assertion to a "checkid_immediate" mode authentication request, the "user_setup_url" parameter MUST be returned. This is a URL that the end user may visit to complete the request. The <b><i>OP</i> </b>MAY redirect the end user to this URL, or provide the end user with a link that points to this URL.<br><br>Shouldn't this say "The <i><b>RP</b></i> MAY redirect the end user..." ???<br><br>Surely the OP shouldn't ever redirect an immediate request to a checkid_setup request without RP intervention?!<br> </div> _______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net">general@openid.net</a><br>http://openid.net/mailman/listinfo/general<br></blockquote></div><br></body></html>