URL relationship permanence

meepbear * meepbear at hotmail.com
Fri Jul 1 01:36:14 PDT 2005

>Wouldn't hurt.  They'd just be recommendations, anyway, not MUST items.
>Want to put the list together?

Looking at my code I have a few different errors that could occur, although 
most of them can probably be grouped together as far as non-technical users 
are concerned.

Network related:
* "Unable to contact the server, try again later" (connection or flow 
timeout, 500 HTTP status code and the like on either the user url, any 
redirections or the OpenId server, premature connection closing, etc)

URL specific:
* "The URL you entered does not appear to be valid. Please check and make 
sure you typed it correctly" (Technical: unresolvable host, a 404 response 
and similar HTTP errors, an unsupported connection scheme like ftp or an 
invalid address if they entered an email address for instance)
* "The URL you entered does not appear to be a valid OpenID URL" (Technical: 
no openid.server tag; openid.delegate without an openid.server tag or 
anything related to the content of the fetched page that would prevent a 
consumer from being able to associate, possibly when redirection limit or 
response limit has been reached as well or the Content-Type is not HTML)
* "The URL you entered is not allowed to logon to this site" (Not part of 
the spec really but my consumer will check all URLs against a list to see if 
someone's allowed to login or not. Acception/rejection depends on the URL 
the user entered, URL with a delegation (if present), the URL that the 
server will assert and lastly the OpenId server endpoint itself. I'm 
assuming most sites will have some system in place to block certain URLs?)

Protocol specific:
* 'An error occurred while contacting your OpenID server" (Technical: 
anything that goes wrong when talking to the server, the case where a 
consumer insists on a specific assoc/session type and the server doesn't 
support it or the case where the consumer and server use different versions 
of the spec)

User intervention:
* "You need to authorize the login attempt. Please click here and follow the 
instructions to continue." (This one needs to be worded differently but it's 
the best I can come up with at the moment)

* "An unexpected error occurred." (Possibly with an error code so whoever 
implemented/uses the consumer can make sense of it if a user reports it)

Maybe an "Invalid signature, possible tampering" but I would personally 
throw that into the catch-all situation so that someone trying to fake an ID 
can't tell the difference between an genuine error and their failure to 
properly sign the id_rest response.

There are a few specific others but they're not really OpenId related, for 
instance: "Unable to maintain state. Are you blocking cookies?"

More information about the yadis mailing list