Inferring return_to

[VampWillow]

> * The server could tell them the length of the return_to in the reply
> and they could truncate to that, but I worry about possible security
> implications of that strategy

I'd also worry that (sfaiaa) it hasn't been defined whether the OpenID
parameters go before or after any existing ones ...

Alison

= = = = = = = = = = = = = = = = = = =>>>
If you live your life sideways you won't
need to worry about what lies ahead ;-P