Canonical ID

[Martin Atkins]

Users are likely to accidentally enter all sorts of purturbations of 
their Identity URL. Also, LiveJournal provides each user with three 
different Identity URLs which all mean essentially the same thing to a 
site in the know: "This person has account x at LiveJournal.com".

It would be nice if identity servers could some canonicalization of the 
ID as part of processing. A lot of the time they'll be doing something 
along this line anyway: LiveJournal looks for the username portion of 
its own URLs and uses that as the authentication username. It would be 
nice if, in this case, LiveJournal would return the canonical ID 
http://username.livejournal.com/ .

There's already a field in the response which is currently specified as 
just repeating back the ID. If the wording is changed to say that the ID 
the ID server returns should be used in place of what the user entered, 
then the ID server can perform canonicalization.

There are some issues with this approach, of course:
* The canonicalization rules must be the same between all applicable ID 
sevrers, or else people who specify several ID servers may end up being 
a different canonical ID at each one.
* Only LiveJournal can perform the LiveJournal-specific 
canonocalization. This isn't such a big deal because LiveJournal URLs 
only point at LiveJournal's ID server anyway.

In the general case this just provides a mechanism to indicate an 
identity "permanent redirect". It's safe because the ID server can only 
successfully pick out another URL which references it as an ID server. 
If it uses some other URL, the key check at the consumer will fail.

It also makes life easier for consumer implementers, since if they want 
to have special behavior for certain identities (such as LiveJournal 
displaying "skull icons" for DeadJournal users) they only have to match 
the canonical form, assuming that all ID servers asserting those 
identities agree on the same canonical form.