handling of url redirection
Eran Hammer-Lahav
eran at hueniverse.com
Sun Feb 24 07:16:01 UTC 2008
This should be applied evenly to any of the redirect scenarios. OpenID specifies following redirects to find the final URI, while Yadis (as specified in XRI Resolution 2.0) calls to obey all HTTP rules (which includes redirects as well).
EHL
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf Of Jonathan Daugherty
Sent: Sunday, February 24, 2008 2:10 AM
To: SignpostMarv Martin
Cc: david at sixapart.com; specs at openid.net
Subject: Re: handling of url redirection
> This is what I was getting at- it'd be good to give users an identical
> experience when they sign into various OpenID-enabled apps.
Just to be clear, this is not an interop issue. This is a matter of
drawing the line between what is sane and what is not. For
pathological cases (e.g., excessive redirects) there isn't a sane
interop behavior, only a sane fallback behavior. +1 for
_recommending_ a maximum number of redirects in the spec so
implementors have some idea of what is sane. I think any more than 10
is pathological.
--
Jonathan Daugherty
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list