Broadening my reply to the list.<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Sat, Apr 25, 2009 at 9:06 PM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Shade,<div><br></div><div>Users are not expected to enter their #fragment part of their claimed identifier, as you expect. In fact I believe the spec says that if the user were to enter a fragment, the RP should trim it off before sending the auth request to the OP.</div>
<div><br></div><div>Directed identity is simply the RP sending the special identifier_select URI as the user's claimed_id and identity parameters. But whether directed identity is in play or not, the OP may and should append the fragment part of the user's claimed identifier when it exists in the OP's database for generation management as you suggest.</div>
<div><br></div><div>So #fragments never go from RP to OP, but they will always go from OP to RP if they exist, regardless of whether directed identity is used.<br clear="all"><font color="#888888">--<br>Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire</font><div><div></div><div class="h5"><br>
<br><br><div class="gmail_quote">On Sat, Apr 25, 2009 at 5:51 PM, SitG Admin <span dir="ltr"><<a href="mailto:sysadmin@shadowsinthegarden.com" target="_blank">sysadmin@shadowsinthegarden.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I thought the idea with generation fragments was that the user would enter '<a href="http://site.net/myname" target="_blank">site.net/myname</a>' and the OP would use Directed Identity to turn that into '<a href="http://site.net/myname#2" target="_blank">site.net/myname#2</a>' (for the second user to have that name), not that the user would enter said generation fragments themself. That said, I just experimented with appending '#generation' manually, and confirmed that this was treated as a different URI (which was only to be expected, since the specs permit any string that would be a legal URL).<br>
<br>
I was *hoping* to find a character that would be ignored ('#' seemed most likely, since Directed Identity doesn't rely on it being entered as part of the original URI), one that I could use to parse out additional parameters such as '#SecretAccessCode0123' and '#WML' - these would be stored on my server's side, then used as preferences when the user returned. But since it's conceivable that a user might have an actual URI ending in (for example) '#WML', *removing* these from the input before my RP decides to treat the whole string as a URI and performs discovery on it, may inadvertently mangle the user's URI.<br>
<br>
I'm inclined to go ahead with this method for now, since I doubt many users *will* have a URI like that, and I doubt many users will be browsing the site where this is implemented in any case (so it's not like I'll be giving millions of users the wrong idea about permitted characters). But if any of you currently planning future updates to the specs have a better idea for what character to use as a delimiter, I'd love to hear it :)<br>
<br>
-Shade<br>
_______________________________________________<br>
specs mailing list<br>
<a href="mailto:specs@openid.net" target="_blank">specs@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/specs" target="_blank">http://openid.net/mailman/listinfo/specs</a><br>
</blockquote></div><br></div></div></div>
</blockquote></div><br>