Broadening my reply to the list. -- Andrew Arnott "I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
On Sat, Apr 25, 2009 at 9:06 PM, Andrew Arnott <andrewarn...@gmail.com>wrote: > Hi Shade, > Users are not expected to enter their #fragment part of their claimed > identifier, as you expect. In fact I believe the spec says that if the user > were to enter a fragment, the RP should trim it off before sending the auth > request to the OP. > > Directed identity is simply the RP sending the special identifier_select > URI as the user's claimed_id and identity parameters. But whether directed > identity is in play or not, the OP may and should append the fragment part > of the user's claimed identifier when it exists in the OP's database for > generation management as you suggest. > > So #fragments never go from RP to OP, but they will always go from OP to RP > if they exist, regardless of whether directed identity is used. > -- > Andrew Arnott > "I [may] not agree with what you have to say, but I'll defend to the death > your right to say it." - Voltaire > > > > On Sat, Apr 25, 2009 at 5:51 PM, SitG Admin < > sysad...@shadowsinthegarden.com> wrote: > >> I thought the idea with generation fragments was that the user would enter >> 'site.net/myname' and the OP would use Directed Identity to turn that >> into 'site.net/myname#2' (for the second user to have that name), not >> that the user would enter said generation fragments themself. That said, I >> just experimented with appending '#generation' manually, and confirmed that >> this was treated as a different URI (which was only to be expected, since >> the specs permit any string that would be a legal URL). >> >> I was *hoping* to find a character that would be ignored ('#' seemed most >> likely, since Directed Identity doesn't rely on it being entered as part of >> the original URI), one that I could use to parse out additional parameters >> such as '#SecretAccessCode0123' and '#WML' - these would be stored on my >> server's side, then used as preferences when the user returned. But since >> it's conceivable that a user might have an actual URI ending in (for >> example) '#WML', *removing* these from the input before my RP decides to >> treat the whole string as a URI and performs discovery on it, may >> inadvertently mangle the user's URI. >> >> I'm inclined to go ahead with this method for now, since I doubt many >> users *will* have a URI like that, and I doubt many users will be browsing >> the site where this is implemented in any case (so it's not like I'll be >> giving millions of users the wrong idea about permitted characters). But if >> any of you currently planning future updates to the specs have a better idea >> for what character to use as a delimiter, I'd love to hear it :) >> >> -Shade >> _______________________________________________ >> specs mailing list >> specs@openid.net >> http://openid.net/mailman/listinfo/specs >> > >
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs