URL relationship permanence
meepbear *
meepbear at hotmail.com
Fri Jul 1 01:36:14 PDT 2005
>Wouldn't hurt. They'd just be recommendations, anyway, not MUST items.
>
>Want to put the list together?
>
Looking at my code I have a few different errors that could occur, although
most of them can probably be grouped together as far as non-technical users
are concerned.
Network related:
* "Unable to contact the server, try again later" (connection or flow
timeout, 500 HTTP status code and the like on either the user url, any
redirections or the OpenId server, premature connection closing, etc)
URL specific:
* "The URL you entered does not appear to be valid. Please check and make
sure you typed it correctly" (Technical: unresolvable host, a 404 response
and similar HTTP errors, an unsupported connection scheme like ftp or an
invalid address if they entered an email address for instance)
* "The URL you entered does not appear to be a valid OpenID URL" (Technical:
no openid.server tag; openid.delegate without an openid.server tag or
anything related to the content of the fetched page that would prevent a
consumer from being able to associate, possibly when redirection limit or
response limit has been reached as well or the Content-Type is not HTML)
* "The URL you entered is not allowed to logon to this site" (Not part of
the spec really but my consumer will check all URLs against a list to see if
someone's allowed to login or not. Acception/rejection depends on the URL
the user entered, URL with a delegation (if present), the URL that the
server will assert and lastly the OpenId server endpoint itself. I'm
assuming most sites will have some system in place to block certain URLs?)
Protocol specific:
* 'An error occurred while contacting your OpenID server" (Technical:
anything that goes wrong when talking to the server, the case where a
consumer insists on a specific assoc/session type and the server doesn't
support it or the case where the consumer and server use different versions
of the spec)
User intervention:
* "You need to authorize the login attempt. Please click here and follow the
instructions to continue." (This one needs to be worded differently but it's
the best I can come up with at the moment)
Catch-all:
* "An unexpected error occurred." (Possibly with an error code so whoever
implemented/uses the consumer can make sense of it if a user reports it)
Maybe an "Invalid signature, possible tampering" but I would personally
throw that into the catch-all situation so that someone trying to fake an ID
can't tell the difference between an genuine error and their failure to
properly sign the id_rest response.
There are a few specific others but they're not really OpenId related, for
instance: "Unable to maintain state. Are you blocking cookies?"
More information about the yadis
mailing list