On 19-Apr-07, at 7:29 AM, Rowan Kerr wrote:
> On 18-Apr-07, at 9:47 PM, Johnny Bufu wrote:
>> The core spec doesn't allow newline characters ("\n") in any openid.*
>> values. Currently, Attribute Exchange doesn't specify a way to encode
>> newlines in attribute values.
>
> Every indirect OpenID message would seem to be already url-encoded by
> the browser, or server as post data .. so "\n" => %0A (i.e.
> application/x-www-form-urlencoded mime type)
>
> Do we need a pre-url-encode encoding, or can we rely on browsers to
> do the right thing... I suppose it's helpful to spell it out for
> non-browser agents that want to pass OpenID messages.

I think we do need pre-URL-encoding, mainly because of signatures. In
order to calculate the signature the parameters must be put together in
a special way and new line characters are not allowed.

> If we want to define sending binary data in OpenID messages, maybe we
> should leverage multipart/form-data.

Same as above, need to encode for signatures to work.

Marius
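
Added example, not part of the original message or of any OpenID library: why a raw newline breaks signing over the Key-Value form ("key:value\n" per signed field), and how encoding values before signing restores a one-to-one mapping. The percent-encoding scheme, the MAC key and the attribute names are assumptions made for illustration; the thread does not settle on an encoding.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote

MAC_KEY = b"constructed-association-secret"  # constructed sample key


def kv_form(pairs):
    """Key-Value form used as signature input: one 'key:value\\n' per field."""
    return "".join(f"{k}:{v}\n" for k, v in pairs).encode("utf-8")


def sign(pairs, pre_encode=False, strict=False):
    """HMAC-SHA256 over the Key-Value form of the signed fields."""
    if pre_encode:
        # Assumed scheme: percent-encode each value so no raw "\n" remains.
        pairs = [(k, quote(v, safe="")) for k, v in pairs]
    if strict and any("\n" in k or "\n" in v for k, v in pairs):
        # Core-spec behaviour: newlines are not allowed in keys or values.
        raise ValueError("newline in signed field")
    return hmac.new(MAC_KEY, kv_form(pairs), hashlib.sha256).hexdigest()


# Constructed messages. MSG_A has ONE attribute whose value embeds a newline;
# MSG_B is a different message with TWO separate fields.
MSG_A = [("ax.value.bio", "hello\nax.value.role:admin")]
MSG_B = [("ax.value.bio", "hello"), ("ax.value.role", "admin")]


def raw_collision():
    """Without encoding, both messages serialize to the same signed bytes."""
    return sign(MSG_A) == sign(MSG_B)


def encoded_collision():
    """With values encoded before signing, the signed bytes differ."""
    return sign(MSG_A, pre_encode=True) == sign(MSG_B, pre_encode=True)


def round_trip(value):
    """The receiver recovers the original value, newline included."""
    return unquote(quote(value, safe=""))


if __name__ == "__main__":
    print("raw values collide:    ", raw_collision())
    print("encoded values collide:", encoded_collision())
```

Transport-level URL encoding does not help here, because the signature is computed over the decoded values; the encoding has to be applied to the value itself before the Key-Value form is built.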