<i>Right</i>....<div><br></div><div>I had that in my head at one point but it slipped my mind. I'll get right on that. :)</div><div><br></div><div>Thanks.</div><div><br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Mon, Sep 21, 2009 at 2:13 AM, André Cruz <span dir="ltr"><<a href="mailto:andre.cruz@co.sapo.pt">andre.cruz@co.sapo.pt</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hello Andrew<div class="im"><br>
<br>
On Sep 20, 2009, at 6:05 , Andrew Arnott wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I've finally getting around to writing those UTF-8 signature tests you asked for. It occurs to me that the only place it matters is in an OP positive assertion sent via POST. Query strings have very strict rules about allowable characters and UTF-8 characters will have to be properly escaped for query string transport, which eliminates any signature issues. POST however, I think are more capable of carrying UTF-8 payloads. So I'm designing the UTF-8 signature test to verify that OPs properly sign a positive assertion from an RP that intentionally encourages the OP to use POST instead of GET.<br>
<br>
If you think I'm missing something please let me know.<br>
</blockquote>
<br></div>
Shouldn't you test the ability of the RPs to correctly verify the signature of the UTF-8 payload as well? Just to close the circle. :)<br>
<br>
Best regards,<br><font color="#888888">
André Cruz<br>
<br>
</font></blockquote></div><br></div>