query parameters in identity URLs
paul at ciphergoth.org
Tue Jun 28 01:55:08 PDT 2005
Brad Fitzpatrick wrote:
> -- con: late change
True of any proposal to address the problem you raised
> -- con: won't totally solve the problem for malicious attackers anyway
True of any proposal to address the problem you raised. It does one
well-defined thing - it puts control of the issue in the hands of the
owner of the domain.
> -- con: maybe somebody /wants/ to use bradfitz.com/?persona_a and
> bradfitz.com/?persona_b separately, just like foo+bar at host.com
> email separators
It doesn't prevent that if the owner wants to allow it
> -- pro: can tell that two URLs are the same:
> -- con: but then does www.livejournal.com/users/brad/ get mapped
> to brad.livejournal.com on other sites? what if my paid
> account expires, and brad.livejournal.com is now an error
This happens only if you want it to. You would probably rather do
things vice versa, and have brad.livejournal.com point to
www.livejournal.com/~brad so that lives forever. Or (if LJ lets you)
have both point at bradfitz.com.
> I'm seeing more cons than pros.
It's not clear that we should try to solve the original problem, but if
we should then I see no better approach.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis