redirects on openid identities
Brad Fitzpatrick
brad at danga.com
Wed Jul 13 19:48:36 PDT 2005
The correct and only behavior is documented in the spec. The server
shouldn't touch the URL at all. It's all left up to the consumer.
- Brad
On Wed, 13 Jul 2005, Rev. Jeffrey Paul wrote:
>
> My first issue is the requirement of a trailing slash on OpenID identity
> urls. When a user enters a url, there's no way of knowing if there is a
> trailing slash required - an issue when a consumer tries to convert it
> into the canonical form, as required by the spec.
>
> http://host.com/~user/ is the convention - yes. But what of
> http://host.com/file_without_an_extension (which is the w3c
> recommendation for url formats)? What about
> http://host.com/users/username ? When should a consumer
> append a slash and not? Personally, I think the servers should be
> smarter. Requiring the trailing slash is unnecessarily picky, and
> creates an unsolvable problem for consumers.
>
>
>
> My primary issue is along the same lines. If I try to validate
> http://livejournal.com/~user/, the fetch of the link tags gets
> redirected to http://www.livejournal.com/~user/. My consumer then uses
> the server specified within, and it gets denied as being an identity
> that 'user' can't provide. If I specify the identity
> 'http://www.livejournal.com/~user/', it works fine.
>
> Should the identity provided to the server be the url after any/all
> redirections, or should the server be smarter? Personally, as
> "http://livejournal.com/~username/" is a valid LJ address, I consider
> this to be a bug in the LJ server implementation, but I can see the
> other side, too.
>
> The issue this raises is an ambiguity to the consumer - is the _real_ id
> the (valid) one the user entered, or is it the result of the redirects?
>
> -j
>
> PS: My apologies if this is a little hard to follow - I've caught a cold
> and DayQuil is having some fun with my brain.
>
> --
> --------------------------------------------------------
> Rev. Jeffrey Paul -datavibe- sneak at datavibe.net
> aim:x736e65616b pgp:0x40754B94 phone:877-748-3467
> F3F7 FFB7 B966 3675 9170 5265 AD12 0474 4075 4B94
> --------------------------------------------------------
>
>
More information about the yadis
mailing list