mart at degeneration.co.uk
Fri May 20 03:18:02 PDT 2005
Users are likely to accidentally enter all sorts of perturbations of
their Identity URL. Also, LiveJournal provides each user with three
different Identity URLs which all mean essentially the same thing to a
site in the know: "This person has account x at LiveJournal.com".

It would be nice if identity servers could do some canonicalization of the
ID as part of processing. A lot of the time they'll be doing something
along this line anyway: LiveJournal looks for the username portion of
its own URLs and uses that as the authentication username. It would be
nice if, in this case, LiveJournal would return the canonical ID.

There's already a field in the response which is currently specified as
just repeating back the ID. If the wording is changed to say that the ID
the ID server returns should be used in place of what the user entered,
then the ID server can perform canonicalization.

There are some issues with this approach, of course:

* The canonicalization rules must be the same between all applicable ID
servers, or else people who specify several ID servers may end up being
a different canonical ID at each one.
* Only LiveJournal can perform the LiveJournal-specific
canonicalization. This isn't such a big deal because LiveJournal URLs
only point at LiveJournal's ID server anyway.

In the general case this just provides a mechanism to indicate an
identity "permanent redirect". It's safe because the ID server can only
successfully pick out another URL which references it as an ID server.
If it uses some other URL, the key check at the consumer will fail.

It also makes life easier for consumer implementers, since if they want
to have special behavior for certain identities (such as LiveJournal
displaying "skull icons" for DeadJournal users) they only have to match
the canonical form, assuming that all ID servers asserting those
identities agree on the same canonical form.
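
Added example, not part of the original post: a sketch of the proposal in Python, with the ID server collapsing LiveJournal URL forms to one canonical ID and the consumer accepting a returned ID only when that URL itself names the responding ID server. The three URL shapes, the choice of canonical form, the function names and the placeholder server URLs are assumptions, and the declared-server comparison stands in for the key check the post mentions.

```python
import re

# Assumed shapes of the three LiveJournal identity URLs (the post does not list them).
LJ_FORMS = [
    re.compile(r"^(?:www\.)?livejournal\.com/users/([a-z0-9_]+)/?$"),
    re.compile(r"^(?:www\.)?livejournal\.com/~([a-z0-9_]+)/?$"),
    re.compile(r"^([a-z0-9_]+)\.livejournal\.com/?$"),
]

def lj_canonicalize(entered):
    """ID-server side: map any assumed LiveJournal form to one canonical ID.
    Returns None when the input is not a LiveJournal identity URL."""
    s = re.sub(r"^https?://", "", entered.strip().lower())
    for pattern in LJ_FORMS:
        m = pattern.match(s)
        if m and m.group(1) != "www":  # "www" is the site host, not an account
            # Assumption: the /users/ form is treated as canonical.
            return "http://www.livejournal.com/users/%s/" % m.group(1)
    return None

def accept_identity(returned, responding_server, declared_server):
    """Consumer side: decide whether to record the ID the server returned.
    declared_server(url) gives the ID server that URL's page names, or None.
    A server may only redirect to a URL that references it as ID server."""
    if declared_server(returned) != responding_server:
        raise ValueError("returned ID does not name the responding ID server")
    return returned

# Constructed sample data: identity URL -> ID server its page declares.
LJ_SERVER = "http://lj-id-server.example/"        # placeholder, not a real endpoint
OTHER_SERVER = "http://other-id-server.example/"  # placeholder
DECLARED = {
    "http://www.livejournal.com/users/example/": LJ_SERVER,
    "http://someone.example.org/": OTHER_SERVER,
}

if __name__ == "__main__":
    canonical = lj_canonicalize("HTTP://example.livejournal.com")
    print(accept_identity(canonical, LJ_SERVER, DECLARED.get))
```
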