Re: handling of url redirection

2008-02-28 Thread SignpostMarv Martin
Martin Atkins wrote: > It may be worth noting that some implementations have both a limit on > the actual number of redirects and on the total time for the request, > including all redirects. In otherwords, unreasonable redirects can be > measured by the time taken to do them rather than their a

Re: handling of url redirection

2008-02-28 Thread Martin Atkins
Jonathan Daugherty wrote: >> This is what I was getting at- it'd be good to give users an identical >> experience when they sign into various OpenID-enabled apps. > > Just to be clear, this is not an interop issue. This is a matter of > drawing the line between what is sane and what is not. Fo

RE: handling of url redirection

2008-02-23 Thread Eran Hammer-Lahav
] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Daugherty Sent: Sunday, February 24, 2008 2:10 AM To: SignpostMarv Martin Cc: [EMAIL PROTECTED]; specs@openid.net Subject: Re: handling of url redirection > This is what I was getting at- it'd be good to give users an identical > expe

Re: handling of url redirection

2008-02-23 Thread Jonathan Daugherty
> This is what I was getting at- it'd be good to give users an identical > experience when they sign into various OpenID-enabled apps. Just to be clear, this is not an interop issue. This is a matter of drawing the line between what is sane and what is not. For pathological cases (e.g., excess

Re: handling of url redirection

2008-02-23 Thread John Panzer
Aside from the depth issue, is there any distinction drawn between 301 (permanent) or 302 (temporary) redirects in the OpenID specification? David Recordon wrote: Hi Marv, This has never been specified as a relying party could choose to follow as many redirects as it wishes. Maybe there sho

Re: handling of url redirection

2008-02-23 Thread SignpostMarv Martin
David Recordon wrote: > Hi Marv, > This has never been specified as a relying party could choose to > follow as many redirects as it wishes. Maybe there should be a hard > line drawn though from an interoperability side? This is what I was getting at- it'd be good to give users an identical exp

Re: handling of url redirection

2008-02-23 Thread David Recordon
Hi Marv, This has never been specified as a relying party could choose to follow as many redirects as it wishes. Maybe there should be a hard line drawn though from an interoperability side? --David On Feb 17, 2008, at 3:06 PM, SignpostMarv Martin wrote: > Was talking with keturn in #openid

handling of url redirection

2008-02-17 Thread SignpostMarv Martin
Was talking with keturn in #openid , and it seems that the spec currently doesn't indicate how 30x redirects should be handled. More specifically, how deep an OpenID-enabled application should follow redirects before giving up. ~ Marv ___ specs maili