query parameters in identity URLs

Paul Crowley paul at ciphergoth.org
Tue Jun 28 01:55:08 PDT 2005

Brad Fitzpatrick wrote:
>   -- con: late change

True of any proposal to address the problem you raised

>   -- con: won't totally solve the problem for malicious attackers anyway

True of any proposal to address the problem you raised.  It does one 
well-defined thing - it puts control of the issue in the hands of the 
owner of the domain.

>   -- con: maybe somebody /wants/ to use bradfitz.com/?persona_a and
>           bradfitz.com/?persona_b  separately, just like foo+bar at host.com
>           email separators

It doesn't prevent that if the owner wants to allow it

>   -- pro: can tell that two URLs are the same:
>      -- con: but then does www.livejournal.com/users/brad/ get mapped
>              to brad.livejournal.com on other sites?  what if my paid
>              account expires, and brad.livejournal.com is now an error
>              message?

This happens only if you want it to.  You would probably rather do 
things vice versa, and have brad.livejournal.com point to 
www.livejournal.com/~brad so that lives forever.  Or (if LJ lets you) 
have both point at bradfitz.com.

> I'm seeing more cons than pros.

It's not clear that we should try to solve the original problem, but if 
we should then I see no better approach.
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the yadis mailing list