Re: Defining how OpenID should behave with fragments in the return_to url

2009-03-24 Thread Luke Shepard
for how to return the response: 1. http://open.domain.com/openid_receiver.html?queryopenid.ns=#hash 2. http://open.domain.com/openid_receiver.html?query#hashopenid.ns= Section 4.1.2 of the spec says: When a message is sent to an HTTP server, it MUST be encoded using a form encoding

RE: Using email address as OpenID identifier

2008-04-02 Thread Paul E. Jones
many of same opinions. If OpenID is going to be practically usable by the average person, we cannot require the person to remember some very complex identifier. When I signed up for Yahoo's OpenID service, it presented me with a hideously ugly URL that looked similar to a base64-encoded string. I

Re: Defining how OpenID should behave with fragments in the return_to url

2009-03-24 Thread Andrew Arnott
Sorry, but I sorely disagree with option #2. Perf improvement or no. As a perf engineer at Microsoft says, I can optimize performance down to 0 ms if I am willing to accept incorrect behavior. The URI must not contain a hash in the middle of the query string unless that hash is URI escaped

Re: Defining how OpenID should behave with fragments in the return_to url

2009-03-26 Thread Luke Shepard
that the query can be encoded in the fragment if a fragment is present in the return_to URL. If the spec were to say it is valid, then there is no incorrect behavior (as no other spec is otherwise violated). Yup, great point. We can just say that it is valid (as Google and Yahoo have implemented it today

Re: Defining how OpenID should behave with fragments in the return_to url

2009-03-26 Thread Breno de Medeiros
question here is whether it is acceptable for the OpenID spec to define that the query can be encoded in the fragment if a fragment is present in the return_to URL. If the spec were to say it is valid, then there is no incorrect behavior (as no other spec is otherwise violated). Yup, great point

Re: Defining how OpenID should behave with fragments in the return_to url

2009-03-27 Thread Dirk Balfanz
question here is whether it is acceptable for the OpenID spec to define that the query can be encoded in the fragment if a fragment is present in the return_to URL. If the spec were to say it is valid, then there is no incorrect behavior (as no other spec is otherwise violated). Yup, great point