redirects on openid identities
Rev. Jeffrey Paul
sneak at datavibe.net
Wed Jul 13 19:22:08 PDT 2005
My first issue is the requirement of a trailing slash on OpenID identity
urls. When a user enters a url, there's no way of knowing if there is a
trailing slash required - an issue when a consumer tries to convert it
into the canonical form, as required by the spec.
http://host.com/~user/ is the convention - yes. But what of
http://host.com/file_without_an_extension (which is the w3c
recommendation for url formats)? What about
http://host.com/users/username ? When should a consumer
append a slash and not? Personally, I think the servers should be
smarter. Requiring the trailing slash is unnecessarily picky, and
creates an unsolvable problem for consumers.
My primary issue is along the same lines. If I try to validate
http://livejournal.com/~user/, the fetch of the link tags gets
redirected to http://www.livejournal.com/~user/. My consumer then uses
the server specified within, and it gets denied as being an identity
that 'user' can't provide. If I specify the identity
'http://www.livejournal.com/~user/', it works fine.
Should the identity provided to the server be the url after any/all
redirections, or should the server be smarter? Personally, as
"http://livejournal.com/~username/" is a valid LJ address, I consider
this to be a bug in the LJ server implementation, but I can see the
other side, too.
The issue this raises is an ambiguity to the consumer - is the _real_ id
the (valid) one the user entered, or is it the result of the redirects?
-j
PS: My apologies if this is a little hard to follow - I've caught a cold
and DayQuil is having some fun with my brain.
--
--------------------------------------------------------
Rev. Jeffrey Paul -datavibe- sneak at datavibe.net
aim:x736e65616b pgp:0x40754B94 phone:877-748-3467
F3F7 FFB7 B966 3675 9170 5265 AD12 0474 4075 4B94
--------------------------------------------------------
More information about the yadis
mailing list