Error behavior?
Carl Howells
chowells at janrain.com
Tue Jun 14 17:51:05 PDT 2005
The one current empty space in the openid spec seems to be what the
various pieces do for error conditions.

For example, what is the correct behavior when an openid server is
contacted with a parameter of "openid.mode=checkid_immediat"? That's
not a valid value for the openid.mode parameter, so what should be done?
Return a 404? A 500?

Assuming the consumer sent that as a typo or coding error, rather than
some sort of malicious attack, neither of those behaviors seems friendly.
Would some sort of redirect including an "openid.error" field be the
most appropriate?

Nearly everything so far has focused on the behavior of the system when
everything works correctly, and the user is authenticated. There hasn't
been any recent discussion of error-handling, and how the server should
handle failure to authenticate in the various check_id modes.

While those are several entirely separate cases, they need to be
enumerated, and their behavior should be specified. Anyone want to make
a first pass?

Carl Howells