URL canonicalization

Martin Atkins mart at degeneration.co.uk
Thu Sep 15 00:06:21 PDT 2005


Dan Libby wrote:
> 
> It seems cleaner to me to use the canonical identity as primary key. 
> That way, you allow the user to enter eg:
> "http://sally.people.com/" the first time and then just
> "sally.people.com" the second time, and they both point to the same record.
> 
> You could still display ( or even store ) whatever the user entered as a
> "pretty" identifier.
> 

That falls down in this scenario:
* I have mart.mydomain.com delegated to mart.livejournal.com so that I
can use LiveJournal's identity server. I want to appear as
mart.mydomain.com.
* LiveJournal gets bought out by some evil company. I no longer trust
LiveJournal.
* I change my delegation to point at mart.coolidentityhost.com but
continue to log in as mart.mydomain.com.

In this case, I still want to be considered to be the same identity
(mart.mydomain.com) despite my ID server changing. It's the canonical
version of the claimed identity that should be used, not the delegation URL.

It's very important to use the claimed URL as the key since the ability
to switch identity servers without losing your identity is a major part
of OpenID's decentralisation.
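
The scenario above as an added example (not part of the original post and not code from any OpenID library): accounts are keyed by the canonical claimed URL, and the delegate is stored only as a mutable attribute. The normalization rules and the names `canonicalize`, `AccountStore` and `demo` are assumptions of this sketch, and discovery and verification of the delegate are assumed to have happened before `login` is called.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def canonicalize(user_input: str) -> str:
    """Reduce what the user typed to one canonical claimed identifier.

    The normalization rules here are this example's assumptions.
    """
    text = user_input.strip()
    if "://" not in text:
        text = "http://" + text              # bare "sally.people.com"
    parts = urlsplit(text)                   # scheme comes back lower-cased
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a usable identity URL: {user_input!r}")
    host = parts.hostname                    # lower-cased, userinfo dropped
    if ":" in host:
        host = f"[{host}]"                   # restore IPv6 literal brackets
    if parts.port not in (None, DEFAULT_PORTS[parts.scheme]):
        host = f"{host}:{parts.port}"
    # Fragment is dropped; an empty path becomes "/".
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))


class AccountStore:
    """Accounts keyed by canonical claimed URL; the delegate is only an attribute."""

    def __init__(self):
        self.accounts = {}

    def login(self, user_input: str, verified_delegate: str) -> dict:
        # Assumes the caller already discovered the delegate from the claimed
        # URL and verified the identity server's assertion for it.
        key = canonicalize(user_input)
        account = self.accounts.setdefault(
            key, {"claimed": key, "display": user_input.strip()})
        account["delegate"] = verified_delegate   # may change between logins
        return account


def demo() -> AccountStore:
    """Replay both cases from the thread with constructed inputs."""
    store = AccountStore()
    store.login("http://sally.people.com/", "http://sally.people.com/")
    store.login("sally.people.com", "http://sally.people.com/")
    store.login("mart.mydomain.com", "http://mart.livejournal.com/")
    store.login("mart.mydomain.com", "http://mart.coolidentityhost.com/")
    return store
```

Had the store been keyed by the delegate URL instead, the last two logins would have produced two unrelated accounts.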


