On 29-Aug-07, at 12:19 AM, Peter Williams wrote:
> Why do I care so much about a #?
>
> Discovery in draft#12 a required security procedure - used when
> verifying the "validity" of an Auth Response.
I agree: everything starts and then relies on discovery; if it's
broken nothing works. It's pat
On 28-Aug-07, at 8:05 PM, Rowan Kerr wrote:
> On 28-Aug-07, at 6:11 PM, Johnny Bufu wrote:
>> On 27-Aug-07, at 7:05 PM, Peter Williams wrote:
>>> A. fragment identifiers on user input are to be removed. Do not
>>> remove
>>> the separator.
>>
>> Good thing we didn't call it final just yet. In my
On 28-Aug-07, at 6:11 PM, Johnny Bufu wrote:
> On 27-Aug-07, at 7:05 PM, Peter Williams wrote:
>> A. fragment identifiers on user input are to be removed. Do not
>> remove
>> the separator.
>
> Good thing we didn't call it final just yet. In my mind the separator
> was part of the fragment, but r
On 27-Aug-07, at 7:05 PM, Peter Williams wrote:
> Draft 12 - to be finalized post-hoc - says [Section 7.2] :-
>
> "If the URL contains a fragment part, it MUST be stripped off. See
> Section 11.5.2 (HTTP and HTTPS URL Identifiers) for more information."
> Ok. This is what I took away from a simp