Broadening my reply to the list.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire


On Sat, Apr 25, 2009 at 9:06 PM, Andrew Arnott <andrewarn...@gmail.com>wrote:

> Hi Shade,
> Users are not expected to enter their #fragment part of their claimed
> identifier, as you expect.  In fact I believe the spec says that if the user
> were to enter a fragment, the RP should trim it off before sending the auth
> request to the OP.
>
> Directed identity is simply the RP sending the special identifier_select
> URI as the user's claimed_id and identity parameters.  But whether directed
> identity is in play or not, the OP may and should append the fragment part
> of the user's claimed identifier when it exists in the OP's database for
> generation management as you suggest.
>
> So #fragments never go from RP to OP, but they will always go from OP to RP
> if they exist, regardless of whether directed identity is used.
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
>
>
> On Sat, Apr 25, 2009 at 5:51 PM, SitG Admin <
> sysad...@shadowsinthegarden.com> wrote:
>
>> I thought the idea with generation fragments was that the user would enter
>> 'site.net/myname' and the OP would use Directed Identity to turn that
>> into 'site.net/myname#2' (for the second user to have that name), not
>> that the user would enter said generation fragments themself. That said, I
>> just experimented with appending '#generation' manually, and confirmed that
>> this was treated as a different URI (which was only to be expected, since
>> the specs permit any string that would be a legal URL).
>>
>> I was *hoping* to find a character that would be ignored ('#' seemed most
>> likely, since Directed Identity doesn't rely on it being entered as part of
>> the original URI), one that I could use to parse out additional parameters
>> such as '#SecretAccessCode0123' and '#WML' - these would be stored on my
>> server's side, then used as preferences when the user returned. But since
>> it's conceivable that a user might have an actual URI ending in (for
>> example) '#WML', *removing* these from the input before my RP decides to
>> treat the whole string as a URI and performs discovery on it, may
>> inadvertently mangle the user's URI.
>>
>> I'm inclined to go ahead with this method for now, since I doubt many
>> users *will* have a URI like that, and I doubt many users will be browsing
>> the site where this is implemented in any case (so it's not like I'll be
>> giving millions of users the wrong idea about permitted characters). But if
>> any of you currently planning future updates to the specs have a better idea
>> for what character to use as a delimiter, I'd love to hear it :)
>>
>> -Shade
>> _______________________________________________
>> specs mailing list
>> specs@openid.net
>> http://openid.net/mailman/listinfo/specs
>>
>
>
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to