On 19-Apr-07, at 7:29 AM, Rowan Kerr wrote:

> On 18-Apr-07, at 9:47 PM, Johnny Bufu wrote:
>> The core spec doesn't allow newline characters ("\n") in any openid.*
>> values. Currently, Attribute Exchange doesn't specify a way to encode
>> newlines in attribute values.
> Every indirect OpenID message would seem to be already url-encoded by
> the browser, or server as post data .. so "\n" => %0A (i.e.
> application/x-www-form-urlencoded mime type)
> Do we need a pre-url-encode encoding, or can we rely on browsers to
> do the right thing... I suppose it's helpful to spell it out for non-
> browser agents that want to pass OpenID messages.

I think we do need pre-URL-encoding, mainly because of signatures. In  
order to calculate the signature the parameters must be put together  
in a special way and new line characters are not allowed.

> If we want to define sending binary data in OpenID messages, maybe we
> should leverage multipart/form-data.

Same as above, need to encode for signatures to work.


specs mailing list

Reply via email to