Martin Atkins wrote:
> It may be worth noting that some implementations have both a limit on
> the actual number of redirects and on the total time for the request,
> including all redirects. In otherwords, unreasonable redirects can be
> measured by the time taken to do them rather than their a
Jonathan Daugherty wrote:
>> This is what I was getting at- it'd be good to give users an identical
>> experience when they sign into various OpenID-enabled apps.
>
> Just to be clear, this is not an interop issue. This is a matter of
> drawing the line between what is sane and what is not. Fo
] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
Daugherty
Sent: Sunday, February 24, 2008 2:10 AM
To: SignpostMarv Martin
Cc: [EMAIL PROTECTED]; specs@openid.net
Subject: Re: handling of url redirection
> This is what I was getting at- it'd be good to give users an identical
> expe
> This is what I was getting at- it'd be good to give users an identical
> experience when they sign into various OpenID-enabled apps.
Just to be clear, this is not an interop issue. This is a matter of
drawing the line between what is sane and what is not. For
pathological cases (e.g., excess
Aside from the depth issue, is there any distinction drawn between 301
(permanent) or 302 (temporary) redirects in the OpenID specification?
David Recordon wrote:
Hi Marv,
This has never been specified as a relying party could choose to
follow as many redirects as it wishes. Maybe there sho
David Recordon wrote:
> Hi Marv,
> This has never been specified as a relying party could choose to
> follow as many redirects as it wishes. Maybe there should be a hard
> line drawn though from an interoperability side?
This is what I was getting at- it'd be good to give users an identical
exp
Hi Marv,
This has never been specified as a relying party could choose to
follow as many redirects as it wishes. Maybe there should be a hard
line drawn though from an interoperability side?
--David
On Feb 17, 2008, at 3:06 PM, SignpostMarv Martin wrote:
> Was talking with keturn in #openid
Was talking with keturn in #openid , and it seems that the spec
currently doesn't indicate how 30x redirects should be handled.
More specifically, how deep an OpenID-enabled application should follow
redirects before giving up.
~ Marv
___
specs maili