Okay. Can we re-word it then so it's more explicitly stated? I.E.:
Attempt discovery.
If discovery succeeds, ensure return_to URL is specified in the XRDS
document. If not present, always return negative assertion.
If discovery fails, assume return_to URL is valid and return assertion.
Thanks!
On 29/10/2007, John Ehn <[EMAIL PROTECTED]> wrote:
> I've been reviewing Draft 12, and noticed this section, which I think will
> cause problems for some systems.
>
>
> 9.2.1. Using the Realm for Return URL Verification
>
> OpenID providers SHOULD verify that the return_to URL specified in the
> r
I've been reviewing Draft 12, and noticed this section, which I think will
cause problems for some systems.
9.2.1. Using the Realm for Return URL Verification
OpenID providers SHOULD verify that the return_to URL specified in the
request is an OpenID relying party endpoint. To verify a return_t